Federal, state and international policymakers continue to be active in developing new laws and regulations that have direct operational impacts on private sector CISOs and members of their teams. The SEC cybersecurity rule, now in effect, is compelling public companies to adjust their incident reporting and governance procedures. CISA will be releasing its proposed rule to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) shortly, which will create additional incident reporting requirements for many companies. Other proposed laws and regulations related to artificial intelligence, privacy and data security are likely to affect cybersecurity teams’ compliance, governance and incident reporting activities. This session will discuss what cyber practitioners can do to anticipate and address current and future policy and regulatory requirements.
