Navigating the SEC’s Updated Incident Response Guidelines With Prashanth Nanjundappa, Progress

The evolving cybersecurity landscape has led the Securities and Exchange Commission (SEC) to strengthen its incident response and disclosure guidelines. These updates place additional responsibilities on publicly traded companies, requiring them to promptly report cybersecurity incidents and maintain comprehensive internal controls. Prashanth Nanjundappa, VP of Product Management at Progress, joined me on CISO Insights to discuss the impact of these guidelines and how Progress is positioned to help organizations navigate the changes.

The new SEC guidelines require publicly traded companies to disclose material cybersecurity incidents promptly and accurately. To summarize, the SEC’s updated rules emphasize:

  • Enhanced Disclosure Requirements: Companies must promptly disclose material cybersecurity incidents with specific levels of detail.
  • Accurate and Comprehensive Reporting: Reporting must be precise, ensuring transparency in disclosures.
  • Strengthened Internal Controls: Organizations must implement robust mechanisms to track, audit, and report security incidents.
  • Risk Profile Considerations: Businesses must assess whether new products or vulnerabilities alter their risk exposure.
  • Collaboration and Remediation: Organizations must cooperate with the SEC on inquiries and demonstrate remediation efforts.

As Nanjundappa puts it, “Security is no longer just an IT problem, but a business problem. It needs to be spread across the organization, and that’s why cross-functional collaboration is now critical.”

The new SEC guidelines significantly impact teams across the enterprise. Security is no longer an isolated function but a core component of product development and risk management. Security must be embedded into the Software Development Lifecycle (SDLC), with engineering, IT, legal, and risk teams all playing a role.

Progress helps companies integrate security into SDLC processes through its Chef portfolio, which provides automation for configuration management, compliance, and security. “We work as trusted advisors to our customers, helping them strengthen their compliance and security posture while ensuring smooth audits and incident reporting,” Nanjundappa explains.

How Progress Helps Companies Stay SEC-Compliant

One of the most effective ways to maintain compliance is through automation. Progress offers security and compliance automation solutions that provide:

  • Continuous Security Monitoring: Identifying vulnerabilities in real time.
  • Automated Remediation: Quickly addressing known issues to reduce exposure.
  • Compliance as Code: Ensuring security and regulatory compliance are embedded in every stage of the development process.

“Identifying security issues early is crucial,” Nanjundappa notes. “If a vulnerability is caught in development, it might take a week to fix. If it’s found in production, it could take months.”

Building a Culture of Security

Steve Winterfeld, Advisory CISO at Akamai, often remarks that culture can eat strategy for lunch and dinner. Nanjundappa echoes this sentiment, emphasizing that security must be a shared responsibility across the organization. Leading companies establish security champions across engineering, operations, and product management teams. Progress supports this approach by providing tools and frameworks that integrate security practices into daily workflows.

Enhancing Incident Response and Compliance Monitoring

A well-structured incident response plan is essential under the new SEC rules. Progress solutions help organizations with:

  • Faster Threat Detection and Response: Automated tools reduce response times.
  • Streamlined Compliance Monitoring: Continuous compliance assessments improve security posture.
  • Incident Reporting Frameworks: Ensuring organizations are prepared for SEC inquiries and audits.

The Road Ahead: Embracing Security as a Business Imperative

Organizations must now view security as an enterprise-wide priority rather than a compliance checkbox. By leveraging automation, fostering cross-team collaboration, and embedding security into core business functions, companies can effectively meet the SEC’s new requirements while maintaining agility and innovation.

For more information on how Progress and Chef can help your organization stay compliant and secure, visit Progress.com.
