#141 - Emerging Risks (with The Chertoff Group)

On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company.

Special Thanks to our Sponsors:

• The Chertoff Group: https://www.chertoffgroup.com.Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/
• Prelude: https://www.preludesecurity.com/
• CPrime: At work, bridging the gap between risk management, IT security, and departments like finance, product, and development can be daunting. Enter Cprime, specializing in harmonious integration through secure code training, DevSecOps implementation, and
  zero trust practices. We streamline, optimize, and drive innovation, empowering continuous security ops. Transform risk management at Cprime.com/train and use code 'cprimepod' for 15% off training. Unleash potential with us!

Transcripts: https://docs.google.com/document/d/1tW0kOYCURXgRF-z7UqeQGga0zAkwGuZ9/

Chapters

• 00:00 Introduction
• 02:33 The SEC's Final Rule on Cybersecurity Disclosure
• 05:29 What is a Material Incident?
• 07:13 The Commission's Final Rule on Board Engagement in Cybersecurity Risk
• 10:03 The Four Day Rule for Incident Reporting
• 12:46 The Implications of the New Role of the CISO
• 15:46 The Ticking Clock on Disclosure
• 18:31 SolarWinds and the Software Chain Security Exposure
• 19:53 The Role of the Software Bill of Materials (SBOM) in the Software Supply Chain Security Challenges
• 21:29 The Rise of the SBOM
• 23:16 The Rise of Expectations in the U.S. Government
• 25:02 The Future of Software Security
• 27:22 The Progress of the CMMC Program
• 29:59 The SEC Disclosure Requirements: What to Expect From Your Board
• 31:57 How to Reduce Complexity in Your Software Development Lifecycle
• 34:05 How AI is Impacting Our Business and Cyber
• 37:32 How to Measure and Manage Cyber Risks Effectively
• 39:57 The SEC's Final Rule on Disclosure