www.majorkeytech.com Open in urlscan Pro
104.46.36.9  Public Scan

Form analysis
1 forms found in the DOM

/search/

<form action="/search/" data-hs-cf-bound="true">
  <input aria-label="Search" class="_searchbox" placeholder="Search" name="q" value="" autocomplete="off"><button aria-label="Submit search"><svg role="img" width="36" height="36" viewBox="0 0 36 36">
      <use xlink:href="#svg-search-icon"></use>
    </svg></button>
  <div class="_instantsearch" data-nohits="No results found"></div>
</form>

Text Content

×

This website uses cookies to provide the best possible user experience. If you
continue without making any changes you allow this. Read more about cookies
here. Read more about our Privacy Policy here.

Accept
Skip to main contentSkip to navigationSkip to search
Logotype Menu Close
Logotype
 * What we do
   
   * MajorKey Guide
     
     
     BUSINESS-DRIVEN IDENTITY AND ACCESS MANAGEMENT
     
     A Buyer's Guide on How to Ensure a Successful Outcome of Your IAM Program
     
      
     
     Get the Guide
   
   * What we do
   * Identity & Access Management (IAM)
   * Application Deployment & Security
   * Data Security & Governance
   * Cloud Security
   * Advisory Services
   * Integration Services
   * Managed Services
   * 
 * Resources
   
   * MajorKey Guide
     
     
     BUSINESS-DRIVEN IDENTITY AND ACCESS MANAGEMENT
     
     A Buyer's Guide on How to Ensure a Successful Outcome for Your IAM Program
     
      
     
     Get the Guide
   
   * Blogs
   * Webinars
   * Whitepapers
   * Analyst Reports
   * Featured Articles
   * Events
   * News and Press
   * Support
   * Government and Public Sector
   * 
 * About us
   
   * Our Core Values
     
     People focused
     
     Teamwork
     
     Corporate Responsibility
     
     Integrity
     
     Passionate Excellence
     
     
     
     About Majorkey
     
      * Technology in harmony
      * Our story
     
     Our People
     
      * Leadership team
      * Join our team
     
     
     
     MajorKey Expands Solutions Advisory Practice with Veteran Identity and
     Application Security Expert Alex Gambill
     MajorKey Accelerates Pure Play Identity Security Strategy with Acquisition
     of Legion Star
     MajorKey Announces Strategic Pivot to Focus on Pure Play Information
     Security Technology and Services
     
     View all news
     
     [Interactive Tool] Cloud Security Vendor Selection Calculator
   
   * 
 * Contact



Blog

Alex Gambill | January 24, 2024  I  4 min read


WHAT DO RAINBOW TROUT HAVE TO DO WITH THE NEW SEC CYBERSECURITY REGULATION?



Share
LinkedInLinkedInFacebookFacebookTwitterTwitterE-mailE-mailPrintPrint

The serenity, solitude, and deafening silence of the river rushing past your
knees, surrounded by snowcapped mountains while fly fishing is tough to beat.
The beauty that engulfs your senses slowly lulls you into a daydream sequence.
Trout aren’t super active in the winter, so the expectation of a catch is
minimal. You slip further into your mind and then…BOOM! Fish on! You’re suddenly
jostled from being alone with your thoughts, fighting to land what’s sure to be
a nice fish – they usually are in the winter months.


BUT WHAT DOES THIS HAVE TO DO WITH SECURITY?

Make no mistake, there’s nothing serene, solitary, silent, or even remotely
enjoyable about regulatory requirements. They’re an important and necessary
component of the daily lives of practitioners and services providers. The
commonality is that we’re in a daydream sequence when it comes to SOX 404. We’ve
become desensitized to it because it’s overloaded every aspect of our
conversations, conferences, social media feeds, and vendor relationships. We’ve
been bludgeoned with content targeting GDPR and other similar privacy
regulations – and that’s just scratching the surface. Fast-forward to the here
and now. We’re standing in that river of regulatory compliance, desensitized to
the reality that a beautiful, native rainbow trout could be on our line at any
moment.


IN THE WORLD OF REGULATORY COMPLIANCE, THAT TROUT IS THE NEW SEC CYBERSECURITY
REGULATION.

Much like me scrambling to set the hook and strip line, we’re all in a position
of needing to quickly rotate to address the newest requirements passed down from
the SEC – whether we’re ready or not..

At a high level, the goal of the new requirements is enhancing the cybersecurity
practices of publicly traded companies’ as they relate to risk management and
governance, while increasing transparency around cybersecurity events.
Specifically, an organization must provide a comprehensive disclosure of its
processes, if any, for assessing, identifying, and managing material risks from
cybersecurity threats.

But let’s not forget about our friends at privately held companies. You may be
impacted as well, particularly if you’re looking to interoperate with publicly
traded companies from a vendor, partner or other 3rd party relationship
perspective.




RATHER THAN DIVE INTO THE SPECIFICS OF WHAT ORGANIZATIONS SHOULD BE DOING, LET’S
START WITH A FEW QUESTIONS YOU WILL WANT TO CONSIDER OVER THE COMING WEEKS.

 1. Who’s on first? Have you identified the right team with the right expertise
    to assess and manage cyber-related risk?
 2. When was your last risk assessment and how does it tie back to your risk and
    controls framework – specifically where you’ve identified cyber-related
    risks & controls?
 3. How are you proactively managing the potential for realized risks and the
    quantification of those risks within your key enterprise applications?
 4. What level of automation and technology-enabled processes do you have to
    empower your team to limit taking on a reactive response?
 5. What processes are in place to identify, manage and mitigate material risks
    from cybersecurity threats associated with the use of any third-party
    service providers?
 6. How are your existing cybersecurity processes integrated into the
    overarching organizational risk management processes?

If these questions have you thinking about technology-enabled processes for
identity security, access governance, cloud security,customer identity
management, and privileged access, then you’re on the right track.

2024 has arrived and so have the new challenges and opportunities – cheers to
avoiding cyber threats, tight lines and more than a few moments of serenity,
solitude and deafening silence in the middle of a remote mountain stream.






AUTHOR

Alex Gambill, Director, Application Security & GRC Advisory

With more than 14 years of experience in the identity, application security, and
controls space, Alex has helped numerous Global 2000 and Fortune 500
organizations develop and deliver their enterprise application security, access
controls, and identity initiatives to support governance, risk, and compliance
frameworks.  

To hear more from Alex, follow him on LinkedIn.




GET IN TOUCH

Think we could help your business deliver on technology’s promise? We think so
too. Drop us a Line, and we’ll get back to you in a heartbeat. 

Get in touch


STAY UP TO DATE WITH OUR MONTHLY NEWSLETTER.

Covering the latest in IAM, Application Security, Data Governance, Cloud
Security, and other industry news and company updates.







What we do

Solutions

 * Identity Access Management (IAM)
    * Workforce Identity Management (IDM)
    * Identity Governance and Administration (IGA)
    * Privileged Access Management (PAM)
    * Customer Identity and Access Management (CIAM)

 * Application Deployment & Security
 * Cloud Security
 * Data Security & Governance

Services

 * Advisory Services
 * Managed Services

Partners & Technology

 * View all partners

Our Approach

 * Technology in harmony
 * Why choose us

Client Success

 * View all client success stories

About us

 * Technology in harmony
 * Our story
 * Client Support
 * Government & Public Sector
 * Texas DIR

Our People

 * Leadership team
 * Join our team

Resource Hub

 * Content library
 * Whitepapers
 * Videos
 * Analyst reports
 * Webinar
 * Blogs
 * Client success stories

Multimedia

 * Upcoming events
 * Featured articles and podcasts
 * Company news

© MajorKey 2024

Use of this site signifies your acceptance of MajorKey Tech's Privacy Policy