SEC OCIE Guidance on Cybersecurity

The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations has come out with new guidance on cybersecurity.

Here is the money quote:

Effective cybersecurity programs start with the right tone at the top, with senior leaders who are committed to improving their organization’s cyber posture through working with others to understand, prioritize, communicate, and mitigate cybersecurity risks. While the effectiveness of any given cybersecurity program is fact-specific, we have observed that a key element of effective programs is the incorporation of a governance and risk management program that generally includes, among other things: (i) a risk assessment to identify, analyze, and prioritize cybersecurity risks to the organization; (ii) written cybersecurity policies and procedures to address those risks; and (iii) the effective implementation and enforcement of those policies and procedures.

Records Retention and Management Systems

Think about how many documents are created at your company: paper and electronic files, every revision of every document, emails, manuals, notes about manuals, meeting summaries, financial spreadsheets, and confidential and sensitive information of all kinds. Even at small companies, the volume of records created is ever increasing. Now think about what would happen if all of those records were made available to your adversaries. That would be a bad day for your company. Now consider that as much as 60 percent of it must be retained to meet regulatory requirements.


(Ǝx)(Px & Pj & (y)(Py -> x=y))

I have a special affinity for logic systems and this is predicate logic.  I also realize this is quite the narcissistic joke and yet I still find it funny.  Here is how to decipher:
