Craig Hoffman

Craig Hoffman

BakerHostetler

Contact
View Bio
RSS

Latest Posts › Risk Management

Share:

2024 SEC Cybersecurity Rule Updates

The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more

1/7/2025  /  Chief Information Security Officer (CISO) , Compliance , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Enforcement , Form 10-K , Form 8-K , Materiality , NIST , Publicly-Traded Companies , Risk Management , Securities and Exchange Commission (SEC)

The SEC’s Regulation of Cybersecurity Continues

The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...more

6/25/2024  /  Cybersecurity , Enforcement Actions , Form 8-K , Internal Controls , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC) , Securities Exchange Act , Security and Privacy Controls

Addressing the SEC’s New Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Requirements

In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more

10/27/2023  /  Compliance , Compliance Dates , Corporate Governance , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Form 8-K , Materiality , Popular , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC) , Securities Regulation

SEC Proposes Rules on Disclosure of Material Cyber Incidents and Cybersecurity Practices for Public Companies

On March 9, 2022, the SEC released proposed rules intended to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and cyber incident reporting by companies that are subject to the...more

3/14/2022  /  Comment Period , Cyber Incident Reporting , Cybersecurity , Disclosure Requirements , Foreign Private Issuers , Form 8-K , Policies and Procedures , Proposed Rules , Publicly-Traded Companies , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC)

The Scourge of Ransomware

Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives,...more

5/14/2021  /  Cyber Attacks , Cyber Crimes , Cybersecurity , Data Security , Ransomware , Risk Management

Do You Need a Chief Digital Risk Officer (or Digital Risk Working Group)?

Axioms are common in the privacy and security space. One that has been popping up with more frequency is “privacy and security is an enterprise risk that requires an enterprise-wide effort to appropriately address.” It is...more

8/6/2018  /  Cybersecurity , Data Security , Digital Assets , Risk Assessment , Risk Management

Proposed FFIEC Guidance on Financial Institution Social Media Use

The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the...more

1/24/2013  /  Compliance , Consumer Financial Protection Bureau (CFPB) , FFIEC , Risk Management , Social Media
7 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide