The SEC recently issued a new statement on Cybersecurity Interpretative Guidance. This statement provides guidelines for public companies regarding disclosures about cybersecurity risks and incidents. It not only highlights the Commission’s views on the importance of maintaining comprehensive policies and procedures related to cybersecurity, but also adds pressure on executives to take a more proactive position and ensure they understand, manage and report the risks to applications and the enterprise.
The main challenges executives face are the sheer volume of reported vulnerabilities, which makes it difficult to separate the signal from the noise, and understanding the overall risk while having the means to manage it effectively. Beyond these critical challenges, it would also be valuable for executives to understand how their organization is positioned among its peers with respect to practicing good security hygiene and meeting sensible standards for managing risk exposure.
Critical Questions for Executives
At the end of the day, whether due to regulatory pressure, client requests, board-level inquiries, or just a need to better understand and manage their company’s security posture, executives need to answer a series of important questions:
- What is the enterprise risk profile?
- What are the applications and targets that contribute the most risk?
- What are the most critical vulnerabilities they are exposed to?
- Are there any obvious trends and patterns of vulnerabilities they need to be aware of?
- What is the optimal way to minimize their risk?
- How are we doing compared to our peer group and current industry-specific standards?
CYBRIC answers these questions and empowers organizations with a platform that can scale and expand as their needs grow. Its foundation, the orchestration and automation of security tools throughout the Software Development Lifecycle, provides vulnerability data for the application stacks and across the corporate ecosystem.
Our multi-tiered analytics approach normalizes and de-duplicates the data, and our rule-based system helps you separate the signal from the noise, ignore false positives, and down-rank risks that the company is willing to manage and accept, so organizations can take proactive action. Our application and enterprise dashboards clearly show application risk scores, detection and remediation metrics, and the correlations between vulnerabilities detected during static and dynamic scans.
It’s great to see the commission raising the criticality of cybersecurity, underscored by regulations with which companies need to comply. With the CYBRIC platform, you are able to confidently answer the questions I’ve outlined above, as well as probably the most important one: “How secure are we?”