Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
Understanding the latest SEC cybersecurity regulations can be daunting, making compliance a challenge. In this high-stakes arena, seeking guidance from industry leaders is not just prudent—it's imperative. SANS stands as the vanguard of cybersecurity preparedness, offering unparalleled expertise and immersive training to guide organizations through each evolving requirement. From breach disclosure protocols to enhancing cyber acumen, our resources are the strategic arsenal your team needs. Partnering with SANS doesn’t just provide a clear path to compliance; it fortifies your organization against current and future cybersecurity challenges.
Key Components of New SEC Requirements

Regulation S-K Item 106(b) – Risk Management and Strategy
Registrants must periodically disclose their processes, if any, for the assessment, identification, and management of material risks from cybersecurity threats.

Regulation S-K Item 106(c) – Governance
Registrants must describe the board’s oversight of risks from cybersecurity threats and describe management’s role in assessing and managing material risks.

Form 8-K Item 1.05 – Material Cybersecurity Incidents
Mandatory disclosure of cybersecurity incidents goes into effect on December 18, 2023, for all registrants other than small reporting entities.

Form 20-F – Foreign Private Issuers (FPIs)
Foreign private issuers must describe the board’s oversight of risks from cybersecurity threats and describe management’s role in assessing and managing material risks.
What You Need to Know About the SEC Cybersecurity Mandate - SANS Compliance Countdown Series
Get ready for a deep dive into the SEC Cybersecurity requirements. Join Luna Bloom, Chief of the Office of Rulemaking in the SEC’s Division of Corporation Finance, to explore disclosure timelines, the ins and outs of materiality, and the nuances of organizational reporting structures. With the compliance deadline approaching, this session is timely and essential.
Cyber Compliance Starts with Cyber Leadership
LDR553: Cybersecurity Incident Management
If you are worried about leading or supporting a major cyber incident, then this is the course for you. You cannot predict or pick when your organization will face a major cyber incident, but you can choose how prepared you are when it happens.
LDR419: Performing a Cybersecurity Risk Assessment
Go beyond the theoretical and academic and truly understand how to prepare for and perform risk assessments that matter: know what risks to look for in your specific organizational context, how to uncover those risks effectively, and how to present results to leadership so they can be acted on.
Enhance Board Level Expertise with Baseline Training
SEC275: Foundations: Computers, Technology, & Security
Equips leaders with foundational technology principles as well as modern cybersecurity techniques. Whether diving deep into hands-on labs or strategizing from a broad overview, leadership can navigate the complex cybersecurity landscape with confidence.
SEC301: Introduction to Cybersecurity
Courses, designed by seasoned cybersecurity veterans, incorporate practical, real-world examples. This ensures leaders can not only understand the technical aspects but also make informed decisions based on real-world challenges and scenarios.
SEC401: Security Essentials: Network, Endpoint, & Cloud
Whether you are new to information security or a seasoned practitioner, master the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premises or in the cloud.
Learn at Your Own Pace with Short-Form Computer-Based Training
Security Essentials for Business Leaders
Equips leaders with foundational technology principles as well as modern cybersecurity techniques. Whether diving deep into hands-on labs or strategizing from a broad overview, leadership can navigate the complex cybersecurity landscape with confidence.
Security Essentials for IT Administrators
This training arms Network and System Administrators with the knowledge and skills necessary to identify and mitigate security threats, while optimizing your organization's systems with training that covers topics such as cryptography, zero-trust environments, risk management, and more.
Real-World Incident Simulations
Executive Cyber Exercises
This immersive experience guides executive leaders through a simulated cyberattack to test their crisis management plan, identify risks, and react in real time.
Cyber Ranges
SANS Cyber Ranges provides an essential step in your cybersecurity training, allowing you to apply your skills and gain practical experience in an interactive and isolated environment, with no real-world risk, built by industry-leading SANS instructors.