Adversary Universe Podcast

Inside the ”Alphabet Soup” of Incident Reporting Regulations

Dec 14, 2023

Exploring the complexities of cyber incident reporting regulations with guest Drew Bagley. Discussing SEC policies on reporting breaches, weaponization of disclosure policies by adversaries, market reactions to incident reports, defining material incidents, and navigating the evolving regulatory landscape.

56:18

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Navigating the alphabet soup of incident reporting regulations is a challenge for organizations worldwide.

Understanding material breaches and SEC reporting timelines is crucial for compliance with cybersecurity regulations.

Organizations must showcase cybersecurity governance structures to meet SEC transparency and accountability standards.

Deep dives

Understanding the Importance of Compliance and Regulations in Cybersecurity

Protecting against sophisticated cyber attacks requires knowing and adhering to cybersecurity compliance and regulations. Adversaries are becoming more relentless and organizations need to navigate the alphabet soup of rules, including SEC regulations. Demystifying these rules and recent changes in adversary tradecraft is crucial. Special emphasis is placed on understanding material breaches and the SEC's requirement to report these incidents within a short timeframe, sparking debates about definitions and potential impacts on compliance.

Introduction

2min

Exploring Changes in SEC Policies on Reporting Material Breaches

2min

Navigating SEC Reporting Regulations for Cybersecurity Incidents

13min

Exploring the Weaponization of Disclosure Policies and Triple Extortion Threats

2min

Implications of Incident Reporting Regulations on Market Reactions

7min

Exploring Material Incident Definition and Assessment

2min

Navigating Cyber Incident Reporting Regulations

26min

Emphasizing Transparency and Future Security Events

2min

Organizations around the world must navigate a growing number of cyber incident reporting regulations mandated by government bodies.

In the U.S., these regulations come from agencies including the Securities and Exchange Commission (SEC), Federal Trade Commission (FTC), Cybersecurity and Infrastructure Security Agency (CISA) and others. This “alphabet soup” of regulations, as Cristian puts it, can be tough for businesses to understand and follow — especially as the threat landscape evolves and compliance requirements change.

In this episode, Cristian is joined by Drew Bagley, VP and Counsel for Privacy and Policy at CrowdStrike, to dig into the details of why these myriad regulations have emerged and shed some light on common questions: When does a breach need to be reported, and why is the timeline a hot debate topic? What is a “material breach”? How are adversaries using these regulations to their advantage? And most importantly, how should businesses respond to all of this? Tune in for these answers — and more.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Adversary Universe Podcast

Inside the ”Alphabet Soup” of Incident Reporting Regulations

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding the Importance of Compliance and Regulations in Cybersecurity

Navigating Multiple Cybersecurity Reporting Requirements

Impact of SEC Requirements on Public Companies

Challenges and Considerations in Incident Materiality Determination

Navigating Exceptional Circumstances in Incident Reporting

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Adversary Universe Podcast

Inside the ”Alphabet Soup” of Incident Reporting Regulations

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Understanding the Importance of Compliance and Regulations in Cybersecurity

Navigating Multiple Cybersecurity Reporting Requirements

Impact of SEC Requirements on Public Companies

Challenges and Considerations in Incident Materiality Determination

Navigating Exceptional Circumstances in Incident Reporting

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights