By Tara Wisniewski, EVP, Advocacy, Global Markets and Member Engagement, (ISC)² Summary The U.S. Securities and Exchange Commission (SEC) last week voted to adopt significant new rules relating to how publicly traded companies act and disclose cybersecurity-related risk and incidents. While U.S. healthcare providers, financial services firms and other critical infrastructure operators must, by law, report data and network breaches, no all-encompassing U.S. federal breach or incident disclosure law currently exists. However, the new rules passed by the SEC commissioners leave considerable ambiguity, particularly regarding the definition and measure of risk, along with not making a definitive ruling on cybersecurity... Read more →