#141 - Emerging Risks (with The Chertoff Group)
On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company. Special Thanks to our Sponsors: The Chertoff Group: https://www.chertoffgroup.com.Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/ Prelude: https://www.preludesecurity.com/ CPrime: At work, bridging the gap between risk management, IT security, and departments like finance, product, and development can be daunting. Enter Cprime, specializing in harmonious integration through secure code training, DevSecOps implementation, andzero trust practices. We streamline, optimize, and drive innovation, empowering continuous security ops. Transform risk management at Cprime.com/train and use code 'cprimepod' for 15% off training. Unleash potential with us! Transcripts: https://docs.google.com/document/d/1tW0kOYCURXgRF-z7UqeQGga0zAkwGuZ9/ Chapters 00:00 Introduction 02:33 The SEC's Final Rule on Cybersecurity Disclosure 05:29 What is a Material Incident? 07:13 The Commission's Final Rule on Board Engagement in Cybersecurity Risk 10:03 The Four Day Rule for Incident Reporting 12:46 The Implications of the New Role of the CISO 15:46 The Ticking Clock on Disclosure 18:31 SolarWinds and the Software Chain Security Exposure 19:53 The Role of the Software Bill of Materials (SBOM) in the Software Supply Chain Security Challenges 21:29 The Rise of the SBOM 23:16 The Rise of Expectations in the U.S. Government 25:02 The Future of Software Security 27:22 The Progress of the CMMC Program 29:59 The SEC Disclosure Requirements: What to Expect From Your Board 31:57 How to Reduce Complexity in Your Software Development Lifecycle 34:05 How AI is Impacting Our Business and Cyber 37:32 How to Measure and Manage Cyber Risks Effectively 39:57 The SEC's Final Rule on Disclosure