Insight Search Search Submit Sort by: Relevance Date Search Sort by RelevanceDate Order AscDesc Blogs June 11, 2024 Key takeaways: New SEC cyber risk management disclosure rules While the ink is still drying on many 2023 Form 10-Ks, Protiviti has reviewed a subset of the filings to gauge how firms are responding to the U.S. Securities and Exchange Commission’s (SEC’s) amended Cybersecurity Disclosure Rule adopted in July 2023. In Focus July 19, 2024 SEC rebuked in SolarWinds decision. What does it mean? U.S. District Judge Paul Engelmayer has dismissed most of the charges made by the U.S. Securities and Exchange Commission (SEC) against software company and 2020 cyberattack victim SolarWinds and its chief information security officer (CISO), Tim Brown. In its original lawsuit, filed in October 2023, the SEC alleged that SolarWinds had defrauded investors by concealing security weaknesses in its… Whitepaper July 22, 2021 The adoption of "Zero Trust" The future of organisations will be built on the ability to work securely from anywhere, using any device at any time. This was made clear during the COVID-19 pandemic, which forced millions of workers to work from home using company-owned or personal devices. As the velocity and persistence of cybersecurity attacks increase daily and digital transformation continues to be a priority for… Blogs April 13, 2021 IT Audit’s Perspectives on the Top Technology Risks in Energy & Utilities for 2021 Cybersecurity, Privacy, Data and Resilience Dominate the Top Technology Challenges for Energy and Utilities Organisations. Survey February 15, 2024 2024 Top Risks for Chief Financial Officers Chief financial officers (CFOs) have a unique vantage point regarding talent management, one that explains why the ability to attract, develop and retain top talent represents their top risk concern in both 2024 and 2034. Podcast March 13, 2024 Podcast ǀ Decoding CMMC Compliance for Government Contractor Data In this special edition of the Protiviti Legal Perspectives podcast series, we delve into the complexities of new data protection and cybersecurity government regulations in the defense industry with Alex Alexander W. Major, Partner, McCarter & English and Perry Keating, President of Protiviti Government Services. The Cybersecurity Maturity Model Certification (CMMC) was recently promulgated… Blogs January 31, 2024 Enabling enterprise data governance with Microsoft Purview Data is the lifeblood of today’s digitally transformed business environment and is growing rapidly as it is estimated that 90 percent of the world’s existing data was created in the last two years alone. With such rapid growth, simply understanding the context of what data is important to keep, classifying that data and organising it into a useful form cannot happen without the support of… Flash Report December 14, 2020 CISA Issues Emergency Directive to Mitigate SolarWinds Orion Code Compromise On December 13, 2020, the Cybersecurity & Infrastructure Security Agency (CISA) issued an emergency directive detailing required action for federal agencies to mitigate the threat of the recently discovered compromise involving SolarWinds® Orion® Network Management products that are currently being exploited by malicious actors. (Read the SolarWinds Security Advisory here.) Given the nature… Newsletter May 8, 2024 Sharpening the Board’s Focus on M&A Due Diligence Whether an acquisition is a stand-alone, complementary entity or an integration, the due diligence process is undergoing a paradigm shift due to the higher cost of funding and the impact of failed transactions. Boards should expect a more aggressive focus on due diligence.How has the due diligence process changed in recent years? For sure, the complexity of certain topics, such as environmental… Whitepaper June 1, 2022 How can an enterprise use access management to establish a Zero Trust environment? A hybrid RBAC, ABAC and PBAC framework is the best practice approach A strong access management programme is foundational to establishing a Zero Trust environment by using contextual information to continuously validate that users are who they say they are and by restricting user access to necessary resources only. Within the Zero Trust framework, identity governance and risk-based conditional… Load More