SlideShare a Scribd company logo

SEC to consult with NIST to define what constitutes #cybersecurity "expertise or experience."

David Sweigert
David Sweigert

Uploaded as a courtesy by: Dave Sweigert Defining Cybersecurity Expert The legislation also would direct the SEC, in consultation with the National Institute of Standards and Technology, to define what constitutes expertise or experience in cybersecurity. The bill suggests the definition could be based on professional qualifications to administer information security programs or expertise in mitigating cyberattacks as described in NIST's NICE Cybersecurity Workforce Framework. NICE stands for National Initiative for Cybersecurity Education. "As cyberattacks become increasingly common, Congress must take action to better protect Americans from hackers attempting to steal sensitive data and personal information [by making] sure companies disclose to the public the basic steps they are taking to protect their businesses from cyberattacks," Collins said.

Internet
1 of 4
II 115TH CONGRESS 1ST SESSION S. 536 To promote transparency in the oversight of cybersecurity risks at publicly traded companies. IN THE SENATE OF THE UNITED STATES MARCH 7, 2017 Mr. REED (for himself, Ms. COLLINS, and Mr. WARNER) introduced the fol- lowing bill; which was read twice and referred to the Committee on Bank- ing, Housing, and Urban Affairs A BILL To promote transparency in the oversight of cybersecurity risks at publicly traded companies. Be it enacted by the Senate and House of Representa-1 tives of the United States of America in Congress assembled,2 SECTION 1. SHORT TITLE.3 This Act may be cited as the ‘‘Cybersecurity Disclo-4 sure Act of 2017’’.5 SEC. 2. CYBERSECURITY TRANSPARENCY.6 (a) DEFINITIONS.—In this section—7 (1) the term ‘‘Commission’’ means the Securi-8 ties and Exchange Commission;9 (2) the term ‘‘cybersecurity threat’’—10 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
2 •S 536 IS (A) means an action, not protected by the1 First Amendment to the Constitution of the2 United States, on or through an information3 system that may result in an unauthorized ef-4 fort to adversely impact the security, avail-5 ability, confidentiality, or integrity of an infor-6 mation system or information that is stored on,7 processed by, or transiting an information sys-8 tem; and9 (B) does not include any action that solely10 involves a violation of a consumer term of serv-11 ice or a consumer licensing agreement;12 (3) the term ‘‘information system’’—13 (A) has the meaning given the term in sec-14 tion 3502 of title 44, United States Code; and15 (B) includes industrial control systems,16 such as supervisory control and data acquisition17 systems, distributed control systems, and pro-18 grammable logic controllers;19 (4) the term ‘‘issuer’’ has the meaning given20 the term in section 3 of the Securities Exchange Act21 of 1934 (15 U.S.C. 78c);22 (5) the term ‘‘NIST’’ means the National Insti-23 tute of Standards and Technology; and24 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
3 •S 536 IS (6) the term ‘‘reporting company’’ means any1 company that is an issuer—2 (A) the securities of which are registered3 under section 12 of the Securities Exchange4 Act of 1934 (15 U.S.C. 78l); or5 (B) that is required to file reports under6 section 15(d) of such Act (15 U.S.C. 78o(d)).7 (b) REQUIREMENT TO ISSUE RULES.—Not later8 than 360 days after the date of enactment of this Act,9 the Commission shall issue final rules to require each re-10 porting company, in the annual report submitted under11 section 13 or section 15(d) of the Securities Exchange Act12 of 1934 (15 U.S.C. 78m and 78o(d)) or the annual proxy13 statement submitted under section 14(a) of such Act (1514 U.S.C. 78n(a))—15 (1) to disclose whether any member of the gov-16 erning body, such as the board of directors or gen-17 eral partner, of the reporting company has expertise18 or experience in cybersecurity and in such detail as19 necessary to fully describe the nature of the exper-20 tise or experience; and21 (2) if no member of the governing body of the22 reporting company has expertise or experience in cy-23 bersecurity, to describe what other cybersecurity24 steps taken by the reporting company were taken25 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
4 •S 536 IS into account by such persons responsible for identi-1 fying and evaluating nominees for any member of2 the governing body, such as a nominating com-3 mittee.4 (c) CYBERSECURITY EXPERTISE OR EXPERIENCE.—5 For purposes of subsection (b), the Commission, in con-6 sultation with NIST, shall define what constitutes exper-7 tise or experience in cybersecurity, such as professional8 qualifications to administer information security program9 functions or experience detecting, preventing, mitigating,10 or addressing cybersecurity threats, using commonly de-11 fined roles, specialities, knowledge, skills, and abilities,12 such as those provided in NIST Special Publication 800–13 181 entitled ‘‘NICE Cybersecurity Workforce Frame-14 work’’, or any successor thereto.15 Æ VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6301 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS

Recommended

Congress seeks metrics for the NIST Cybersecurity Framework
Congress seeks metrics for the NIST Cybersecurity FrameworkCongress seeks metrics for the NIST Cybersecurity Framework
Congress seeks metrics for the NIST Cybersecurity FrameworkDavid Sweigert
 
Senate s754 cybersecurity infomation sharing act
Senate s754 cybersecurity infomation sharing actSenate s754 cybersecurity infomation sharing act
Senate s754 cybersecurity infomation sharing actAnonDownload
 
Security and freedom through encryption act (safe act)
Security and freedom through encryption act (safe act)Security and freedom through encryption act (safe act)
Security and freedom through encryption act (safe act)Chuck Thompson
 
Government Contracting- The Dawn of the CMMC - Win Federal Contracts
Government Contracting- The Dawn of the CMMC - Win Federal ContractsGovernment Contracting- The Dawn of the CMMC - Win Federal Contracts
Government Contracting- The Dawn of the CMMC - Win Federal ContractsJSchaus & Associates
 
Data Value Transparency Bill
Data Value Transparency BillData Value Transparency Bill
Data Value Transparency BillPaperjam_redaction
 
Microsoft 2006 10-K
Microsoft 2006 10-KMicrosoft 2006 10-K
Microsoft 2006 10-Kearnirgsreports
 
micron technollogy 10k_2006
micron technollogy 10k_2006micron technollogy 10k_2006
micron technollogy 10k_2006finance36
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxJack Nichelson
 

Recommended

Congress seeks metrics for the NIST Cybersecurity Framework
Congress seeks metrics for the NIST Cybersecurity FrameworkCongress seeks metrics for the NIST Cybersecurity Framework
Congress seeks metrics for the NIST Cybersecurity FrameworkDavid Sweigert
 
Senate s754 cybersecurity infomation sharing act
Senate s754 cybersecurity infomation sharing actSenate s754 cybersecurity infomation sharing act
Senate s754 cybersecurity infomation sharing actAnonDownload
 
Security and freedom through encryption act (safe act)
Security and freedom through encryption act (safe act)Security and freedom through encryption act (safe act)
Security and freedom through encryption act (safe act)Chuck Thompson
 
Government Contracting- The Dawn of the CMMC - Win Federal Contracts
Government Contracting- The Dawn of the CMMC - Win Federal ContractsGovernment Contracting- The Dawn of the CMMC - Win Federal Contracts
Government Contracting- The Dawn of the CMMC - Win Federal ContractsJSchaus & Associates
 
Data Value Transparency Bill
Data Value Transparency BillData Value Transparency Bill
Data Value Transparency BillPaperjam_redaction
 
Microsoft 2006 10-K
Microsoft 2006 10-KMicrosoft 2006 10-K
Microsoft 2006 10-Kearnirgsreports
 
micron technollogy 10k_2006
micron technollogy 10k_2006micron technollogy 10k_2006
micron technollogy 10k_2006finance36
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxJack Nichelson
 
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...xstokes825
 
SEC Cybersecurity Rule.pdf
SEC Cybersecurity Rule.pdfSEC Cybersecurity Rule.pdf
SEC Cybersecurity Rule.pdfInternet Law Center
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
 
micron technollogy 10KFY2007
micron technollogy 10KFY2007micron technollogy 10KFY2007
micron technollogy 10KFY2007finance36
 
micron technollogy 2000_10k
micron technollogy 2000_10kmicron technollogy 2000_10k
micron technollogy 2000_10kfinance36
 
Insider dealing in company law
Insider dealing in company lawInsider dealing in company law
Insider dealing in company lawArjun Ariaratnam
 
Wilssc 006 xml
Wilssc 006 xmlWilssc 006 xml
Wilssc 006 xmlAndrey Apuhtin
 
Space act of 2015
Space act of 2015 Space act of 2015
Space act of 2015 Dmitry Tseitlin
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryDavid Sweigert
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Lance Michalson
 
FORM 10−K
FORM 10−KFORM 10−K
FORM 10−KVideoguy
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview Ignyte Assurance Platform
 
micron technollogy 2003_10-K
micron technollogy 2003_10-Kmicron technollogy 2003_10-K
micron technollogy 2003_10-Kfinance36
 
dish network annual reports 2000
dish network annual reports 2000dish network annual reports 2000
dish network annual reports 2000finance24
 
plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...finance13
 
dish network annual reports 2002
dish network annual reports 2002dish network annual reports 2002
dish network annual reports 2002finance24
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
micron technollogy 1999_10k
micron technollogy 1999_10kmicron technollogy 1999_10k
micron technollogy 1999_10kfinance36
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxJack Nichelson
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 

More Related Content

Similar to SEC to consult with NIST to define what constitutes #cybersecurity "expertise or experience."

Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...xstokes825
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDavid Sweigert
 
micron technollogy 10KFY2007
micron technollogy 10KFY2007micron technollogy 10KFY2007
micron technollogy 10KFY2007finance36
 
micron technollogy 2000_10k
micron technollogy 2000_10kmicron technollogy 2000_10k
micron technollogy 2000_10kfinance36
 
Insider dealing in company law
Insider dealing in company lawInsider dealing in company law
Insider dealing in company lawArjun Ariaratnam
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryDavid Sweigert
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Lance Michalson
 
FORM 10−K
FORM 10−KFORM 10−K
FORM 10−KVideoguy
 
micron technollogy 2003_10-K
micron technollogy 2003_10-Kmicron technollogy 2003_10-K
micron technollogy 2003_10-Kfinance36
 
dish network annual reports 2000
dish network annual reports 2000dish network annual reports 2000
dish network annual reports 2000finance24
 
plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...finance13
 
dish network annual reports 2002
dish network annual reports 2002dish network annual reports 2002
dish network annual reports 2002finance24
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
micron technollogy 1999_10k
micron technollogy 1999_10kmicron technollogy 1999_10k
micron technollogy 1999_10kfinance36
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxJack Nichelson
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 

Similar to SEC to consult with NIST to define what constitutes #cybersecurity "expertise or experience." (20)

Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Gove...
 
SEC Cybersecurity Rule.pdf
SEC Cybersecurity Rule.pdfSEC Cybersecurity Rule.pdf
SEC Cybersecurity Rule.pdf
 
DRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leakedDRAFT of NEW White House Cybersecurity Executive Order leaked
DRAFT of NEW White House Cybersecurity Executive Order leaked
 
micron technollogy 10KFY2007
micron technollogy 10KFY2007micron technollogy 10KFY2007
micron technollogy 10KFY2007
 
micron technollogy 2000_10k
micron technollogy 2000_10kmicron technollogy 2000_10k
micron technollogy 2000_10k
 
Insider dealing in company law
Insider dealing in company lawInsider dealing in company law
Insider dealing in company law
 
Wilssc 006 xml
Wilssc 006 xmlWilssc 006 xml
Wilssc 006 xml
 
Space act of 2015
Space act of 2015 Space act of 2015
Space act of 2015
 
Federal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card IndustryFederal Trade Commission empowers Payment Card Industry
Federal Trade Commission empowers Payment Card Industry
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
 
FORM 10−K
FORM 10−KFORM 10−K
FORM 10−K
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
 
micron technollogy 2003_10-K
micron technollogy 2003_10-Kmicron technollogy 2003_10-K
micron technollogy 2003_10-K
 
dish network annual reports 2000
dish network annual reports 2000dish network annual reports 2000
dish network annual reports 2000
 
plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...plains all american pipeline Table of Contents and Forward Looking Statement...
plains all american pipeline Table of Contents and Forward Looking Statement...
 
dish network annual reports 2002
dish network annual reports 2002dish network annual reports 2002
dish network annual reports 2002
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
 
micron technollogy 1999_10k
micron technollogy 1999_10kmicron technollogy 1999_10k
micron technollogy 1999_10k
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 

Recently uploaded (20)

Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 

SEC to consult with NIST to define what constitutes #cybersecurity "expertise or experience."

  • 1. II 115TH CONGRESS 1ST SESSION S. 536 To promote transparency in the oversight of cybersecurity risks at publicly traded companies. IN THE SENATE OF THE UNITED STATES MARCH 7, 2017 Mr. REED (for himself, Ms. COLLINS, and Mr. WARNER) introduced the fol- lowing bill; which was read twice and referred to the Committee on Bank- ing, Housing, and Urban Affairs A BILL To promote transparency in the oversight of cybersecurity risks at publicly traded companies. Be it enacted by the Senate and House of Representa-1 tives of the United States of America in Congress assembled,2 SECTION 1. SHORT TITLE.3 This Act may be cited as the ‘‘Cybersecurity Disclo-4 sure Act of 2017’’.5 SEC. 2. CYBERSECURITY TRANSPARENCY.6 (a) DEFINITIONS.—In this section—7 (1) the term ‘‘Commission’’ means the Securi-8 ties and Exchange Commission;9 (2) the term ‘‘cybersecurity threat’’—10 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
  • 2. 2 •S 536 IS (A) means an action, not protected by the1 First Amendment to the Constitution of the2 United States, on or through an information3 system that may result in an unauthorized ef-4 fort to adversely impact the security, avail-5 ability, confidentiality, or integrity of an infor-6 mation system or information that is stored on,7 processed by, or transiting an information sys-8 tem; and9 (B) does not include any action that solely10 involves a violation of a consumer term of serv-11 ice or a consumer licensing agreement;12 (3) the term ‘‘information system’’—13 (A) has the meaning given the term in sec-14 tion 3502 of title 44, United States Code; and15 (B) includes industrial control systems,16 such as supervisory control and data acquisition17 systems, distributed control systems, and pro-18 grammable logic controllers;19 (4) the term ‘‘issuer’’ has the meaning given20 the term in section 3 of the Securities Exchange Act21 of 1934 (15 U.S.C. 78c);22 (5) the term ‘‘NIST’’ means the National Insti-23 tute of Standards and Technology; and24 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
  • 3. 3 •S 536 IS (6) the term ‘‘reporting company’’ means any1 company that is an issuer—2 (A) the securities of which are registered3 under section 12 of the Securities Exchange4 Act of 1934 (15 U.S.C. 78l); or5 (B) that is required to file reports under6 section 15(d) of such Act (15 U.S.C. 78o(d)).7 (b) REQUIREMENT TO ISSUE RULES.—Not later8 than 360 days after the date of enactment of this Act,9 the Commission shall issue final rules to require each re-10 porting company, in the annual report submitted under11 section 13 or section 15(d) of the Securities Exchange Act12 of 1934 (15 U.S.C. 78m and 78o(d)) or the annual proxy13 statement submitted under section 14(a) of such Act (1514 U.S.C. 78n(a))—15 (1) to disclose whether any member of the gov-16 erning body, such as the board of directors or gen-17 eral partner, of the reporting company has expertise18 or experience in cybersecurity and in such detail as19 necessary to fully describe the nature of the exper-20 tise or experience; and21 (2) if no member of the governing body of the22 reporting company has expertise or experience in cy-23 bersecurity, to describe what other cybersecurity24 steps taken by the reporting company were taken25 VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS
  • 4. 4 •S 536 IS into account by such persons responsible for identi-1 fying and evaluating nominees for any member of2 the governing body, such as a nominating com-3 mittee.4 (c) CYBERSECURITY EXPERTISE OR EXPERIENCE.—5 For purposes of subsection (b), the Commission, in con-6 sultation with NIST, shall define what constitutes exper-7 tise or experience in cybersecurity, such as professional8 qualifications to administer information security program9 functions or experience detecting, preventing, mitigating,10 or addressing cybersecurity threats, using commonly de-11 fined roles, specialities, knowledge, skills, and abilities,12 such as those provided in NIST Special Publication 800–13 181 entitled ‘‘NICE Cybersecurity Workforce Frame-14 work’’, or any successor thereto.15 Æ VerDate Sep 11 2014 03:47 Mar 10, 2017 Jkt 069200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6301 E:BILLSS536.IS S536 lotteronDSK5VPTVN1PRODwithBILLS