Subnostr

What CISOs Should Exclude From SEC Cybersecurity Filings

Should CISOs include only known information in the SEC filings for a material security incident, or is there room to include details that may change during the investigation?