As part of an ongoing effort to mitigate risks to investors, the US Securities and Exchange Commission (SEC) enacted new cybersecurity rules last month to provide investors greater levels of transparency, giving them relevant, updated information that helps them assess cyber risks more effectively and make informed investment decisions. The new rules require public companies to disclose:

- All material cybersecurity incidents within four days.
- Material information on their cybersecurity risk management, strategy, and governance on an annual basis.

Disclosure of incidents

In a press release, the SEC states that the new Item 1.05 of Form 8-K requires registrants to disclose any cybersecurity incident that is determined to be “material” (meaning that it may have a significant impact on the company’s financial position or operation), generally within four days. The registrant must also describe aspects of the incident, including its timing, nature, and scope, as well as its impact or reasonably likely material impact on the registrant.

However, disclosures have the potential to be delayed if the immediate disclosure would pose a “substantial risk to national security or public safety”. Public companies must comply with the new reporting structure 90 days after the date of publication in the Federal Register or December 18, 2023 – whichever is later. Smaller reporting companies will be subject to the new Form 8-K requirements starting on 15 June 2024.

Companies that fail to comply with the new rules could face a number of consequences, including, but not limited to, hefty fines, potential investor lawsuits, and damage to the company’s reputation.

Disclosure of risk management, strategy, and governance

The SEC also defined Regulation S-K Item 106, which requires companies to describe their processes for identifying, analyzing, and regulating cybersecurity risks. In addition, the registrant now has an obligation to share the board of directors’ role in managing cyber threats – all of which must be recorded in the registrant’s annual report.

All public companies must provide the new disclosure beginning with annual reports for fiscal years ending on or after December 15, 2023, which means that calendar-year companies must comply with new standards in their upcoming annual reports.

Implications for the future

In most public companies, IT and security teams have been working very hard over the last few years to be able to detect and remediate threats. Chief Information Security Officers (CISOs) have implemented risk management and cyber governance strategies to drive IT security. However, the new SEC rules now require incident reporting and management of risks to industrial networks, as well.

Although securing Operational Technology (OT) has become top of mind, IT and CISO teams are sometimes just starting to make it a priority and often lack the visibility and control required to comply with the new SEC rules for both their IT and OT networks. So how can you manage cyber risks and report cyber incidents on your OT?

Step 1. Build your industrial DMZ

First, building an industrial demilitarized zone (IDMZ) is key to preventing network traffic from passing directly between the corporate and OT networks. Cisco Secure Firewalls provide a first line of defense against adversaries attempting to breach a network. They provide stateful packet inspection to detect and stop a variety of attacks and will let you document your reports.

Step 2. Gain visibility into your OT

Most organizations do not have a comprehensive or up-to-date inventory of connected OT assets. You can’t secure or monitor what you cannot see. Cisco Cyber Vision automatically builds and maintains your inventory, at scale, so you can assess your security posture, understand risks, and drive governance by giving IT and OT a common understanding of the current environment.

Not only does visibility let you detect malicious traffic and abnormal behaviors that could lead to threats you would have to report, but it also allows you to prioritize vulnerabilities to patch and segment your industrial network into smaller zones of trust, as recommended by the ISA/IEC 62443 security standard. This is the foundation of a robust OT cybersecurity strategy.

Step 3. Control remote accesses

Remote access is key for operations to efficiently manage and troubleshoot OT assets. However, historically, 4G/LTE gateways or ad-hoc remote access software have been deployed, making it nearly impossible to enforce security controls. These shadow IT solutions must be identified (using the visibility capability from Step 2) and replaced with a secured solution to provide zero trust network access (ZTNA).

Cisco Secure Equipment Access lets you extend ZTNA to operational spaces. It empowers OT teams with an easy-to-use remote access solution that’s specifically designed to support their workflows and provides granular access controls based on identity, as well as context policies, together with audit capabilities. These capabilities help organizations ensure that only authorized workers can configure connected assets, and that every action can be monitored.

Step 4. Include OT into your Security Operations Center (SOC)

Driving regulatory compliance and cybersecurity governance requires you to have a comprehensive view of your global security posture, across both your IT and OT domains. Information from your IDMZ firewalls, your OT visibility tools, your remote access solutions, and more, needs to flow into your SOC to be enriched, correlated, analyzed, and reported. Platforms such as Cisco XDR let you uncover complex threats by aggregating intelligence from both Cisco security products and third-party sources.

The new SEC rules require that public companies bolster their cybersecurity strategies. As industry digitization requires more connectivity, OT and IT networks have converged. Cisco’s comprehensive IT security solutions can be easily extended to support your OT security requirements as well, so you can create consistency across your organizations and build on your existing expertise to mitigate the growing number of cyberattacks.

To learn more about how Cisco can help you secure your industrial operations, please contact us or visit cisco.com/go/iotsecurity. And don’t forget to subscribe to our OT security newsletter.