Follow the attached directions to complete this work. Note: Make sure it aligns with the rubric.
Unit 6 Assignment 2 Directions: Timothy Brown vs. the SEC
Purpose
The Securities and Exchange Commission (SEC) is a key US federal agency that regulates financial reporting. In this paper, you will explore how the SEC affects cybersecurity in an organization and show an understanding of the risk to the company’s operations and financial health.
Background
Cybersecurity risk can significantly impact a company’s operations. It requires that data and systems be protected from intruders. The SEC influences the field of cybersecurity governance because Brown vs. the SEC makes clear that the agency considers executives to be accountable for failing to take demonstrated actions. These actions must provide more than adequate steps to protect data and information along with networks and systems. They also potentially extend to the board, which oversees a company’s strategy and evaluates the performance of the CEO. The board also reviews the financial statements and other key operating measures of the company. It advises and influences decision-making.
In Timothy Brown vs. the SEC, the action alleges that the CISO and others intentionally defrauded the investors and the SEC because the company’s critical assets were vulnerable. The SEC has specific details such as internal communications between employees concerned about the cybersecurity risks. The employees also told corporate executives they were concerned. This was the first time the SEC had charged a CISO rather than those officers in a company who are responsible for accounting and disclosure and who have SEC expertise. Knowing about these matters as a CISO is important because you will need to have policies, procedures, and reporting protocols in place to ensure that all internal information and the information communicated publicly are correct and truthful. The Skadden article in your learning resources will help you understand these issues.
Directions
Write a 200- to 300-word paper that explores how the SEC affects cybersecurity in an organization and shows that you understand the risk to the company’s operations and financial health. Review SolarWinds Corporation and Timothy G. Brown and The Road to the Rules: The SEC Mandates Cybersecurity Disclosures. Look at the SEC complaint to see what corrective actions they demand, along with the penalties, injunctions, and the prohibition on Brown serving as an officer or director in any public company.
In your paper, be sure to address each of the following prompts:
1. Legal Implications: Assume that Timothy Brown is found personally liable for this action. Explain how this ruling would affect the following:
a. How a company might demonstrate that they have appropriate or adequate controls to prevent and detect cyber risk
b. People’s desire to become a CISO for a private company
2. Describe the steps you would advise a corporation to take to demonstrate that it has cybersecurity controls in place that minimize risk to their data and information.
a. Base these steps on your knowledge of cybersecurity risk management frameworks, industry best practices, and the importance of executive team and board awareness.
b. Review the risk management issues you looked at in Unit 2 and review the information on what the board of directors must know to respond.
c. You can also get ideas from reading the recommendations in the two documents provided in resources that list what business leaders need to know.
3. Cite sufficient course resources to substantiate your arguments.
To remind yourself how to cite references, visit the Library’s APA Document Formatting (7th Edition) and APA 7th Edition Citation Examples.
Rubric to follow