Get a toll-free phone number for your Shopify store
From the Schneier on Security blog
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules:
- Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk.
- Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings.
The rules go into effect this December.
In an email newsletter, Melissa Hathaway wrote:...