SEC Update Underscores Critical Security Questions for the C-Suite

AppSec Compliance

Publish Date: Mar 12, 2018

Written by: Andrei Bezdedeanu

Tagged with: Cybersecurity, Questions, SEC

The SEC recently issued a new statement on Cybersecurity Interpretative Guidance. This statement provides guidelines for public companies regarding disclosures about cybersecurity risks and incidents. It not only highlights the Commission’s views on the importance of maintaining comprehensive policies and procedures related to cybersecurity, but also adds pressure on executives to take a more proactive position and ensure they understand, manage and report the risks to applications and the enterprise.

Executives face two main challenges. First, the multitude of reported vulnerabilities makes it difficult to separate the signal from the noise. Second, they need to understand the overall risks and have the means to manage them effectively. Beyond these critical challenges, it would be valuable for executives to understand how their organization compares with its peers in practicing good security hygiene and meeting sensible standards for risk exposure management.

Critical Questions for Executives

At the end of the day, whether due to regulatory pressure, client requests, board-level inquiries, or just a need to better understand and manage their company’s security posture, executives need to answer a series of important questions:

  • What is the enterprise risk profile?
  • What are the applications and targets that contribute the most risk?
  • What are the most critical vulnerabilities we are exposed to?
  • Are there any obvious trends and patterns of vulnerabilities we need to be aware of?
  • What is the optimal way to minimize our risk?
  • How are we doing compared to our peer group and current industry specific standards?

ZeroNorth™ answers these questions and empowers organizations with a platform that can scale and provide future expansion capabilities. Its foundation, the orchestration and automation of security tools throughout the Software Development Lifecycle, provides vulnerability data for the application stacks and across the corporate ecosystem.

Our multi-tiered analytics approach normalizes and de-duplicates the data, and our rule-based system helps you separate the signal from the noise, ignoring false positives and the lower risks that companies are willing to manage and accept, so organizations can take proactive action. Our application and enterprise dashboards clearly show application risk scores, detection and remediation metrics, and the correlations between vulnerabilities detected during static and dynamic scans.

It’s great to see the Commission raising the criticality of cybersecurity, underscored by regulations with which companies need to comply. With the ZeroNorth platform, you are able to confidently answer the questions I’ve outlined above, as well as probably the most important one: “How secure are we?”
