« IPA 「標的型サイバー攻撃の特別相談窓口」の設置 | Main | DBSC 確定 データベース暗号化ガイドライン 第1.0版 »


SEC サイバーセキュリティリスクとインシデントについての開示 (CF Disclosure Guidance: Topic No. 2 Cybersecurity)


・2011 10.17 米国:FTCが,サイバーセキュリティ上のリスクに関する情報開示についてのガイドラインを公表

・2011.10.13 CF Disclosure Guidance: Topic No. 2 Cybersecurity


A registrant may need to disclose known or threatened cyber incidents to place the discussion of cybersecurity risks in context. For example, if a registrant experienced a material cyber attack in which malware was embedded in its systems and customer data was compromised, it likely would not be sufficient for the registrant to disclose that there is a risk that such an attack may occur. Instead, as part of a broader discussion of malware or other similar attacks that pose a particular risk, the registrant may need to discuss the occurrence of the specific attack and its known and potential costs and other consequences.

While registrants should provide disclosure tailored to their particular circumstances and avoid generic “boilerplate” disclosure, we reiterate that the federal securities laws do not require disclosure that itself would compromise a registrant’s cybersecurity. Instead, registrants should provide sufficient disclosure to allow investors to appreciate the nature of the risks faced by the particular registrant in a manner that would not have that consequence.


« IPA 「標的型サイバー攻撃の特別相談窓口」の設置 | Main | DBSC 確定 データベース暗号化ガイドライン 第1.0版 »


Post a comment

(Not displayed with comment.)

Comments are moderated, and will not appear on this weblog until the author has approved them.


Listed below are links to weblogs that reference SEC サイバーセキュリティリスクとインシデントについての開示 (CF Disclosure Guidance: Topic No. 2 Cybersecurity):

« IPA 「標的型サイバー攻撃の特別相談窓口」の設置 | Main | DBSC 確定 データベース暗号化ガイドライン 第1.0版 »