SEC: SolarWinds failed to disclose cybersecurity woes before historic breach

SEC contends that SolarWinds and the company’s chief information security officer, Tim Brown, repeatedly violated the antifraud disclosure and internal controls provisions of federal securities law by not disclosing vulnerabilities that it knew could lead to a hack

#SEC #SolarWinds #TimBrown #malware #security #cybersecurity #hackers #hacking #infosec

https://www.washingtonpost.com/national-security/2023/10/30/solarwinds-computer-breach-sec-russia/

Ryan McGeehan takes a stab at analyzing the SEC indictment of Tim Brown and SolarWinds. I appreciate his analysis.

The SEC indictment completely ignores what it takes to run a security program, how difficult it is to implement politically, and how it is a long process.

Reporting every security issue or risk acceptance decision, etc. will probably cause major challenges for businesses, as there literally are endless issues to be fixed - to Ryan’s point - they are constantly found. Systemic issues included.

From the other side, such may cause a problem over over-reporting to avoid an indictment.

Any regulation, explicit or implied puts the legal team in the way of communication with/to/from the CISO and makes resolution more difficult, and with the higher cost to be a CISO, many will reconsider the role as an option.

It is especially interesting the CISO is the only executive indicted, while he is not the risk owner. The business is.

I spent the past two years working with CISOs on these sorts of issues, and I’d have taken all these extra burdens, if it was the SEC who decided to regulate us, as opposed to fighting with other agencies over who regulates us more.

From the government’s perspective I fully understand why they’d go this route. The attack was a wake up call discovered almost as an after-thought. Not knowing what else is out there has been quite unsettling.

https://medium.com/starting-up-security/lessons-from-the-secs-lawsuit-against-solarwinds-and-tim-brown-4199d547aaa7

#informationsecurity #riskmanagement #grc #solarwinds #timbrown #sec #cyber

‘The Retirement Plan’ Director Tim Brown on Turning Nicolas Cage Into a Beach Bum Assassin and Grandfather
#MovieFeatures #Movies #NicolasCage #TheRetirementPlan #TimBrown

https://www.hollywoodreporter.com/movies/movie-features/the-retirement-plan-director-tim-brown-on-turning-nicolas-cage-into-a-beach-bum-assassin-and-grandfather-1235591836/

@HeyeBodo @greenspindle #TimBrown got to write #DragonKingsProject without corporate interference so he got to explore the themes he and #TroyDenning did in #DarkSun. I was working with him to publish my #OSR rules but with the #OGL debacle we decided to stop as we no longer want to be tied to the #OGL. I like DK better and w/o corp’ he got to eliminate traditional Demi-humans making it more alien and a throwback to Howard, Vance, Norman, ERB, MZB…

Day 16 I didn’t start with collecting #TTRPGs by a specific #gamedesigner in mind but I’ve ended up with several games by #TimBrown; #DarkSun, #DragonKingsProject, #DragonKingsDS, #Traveller2300, #2300AD, Dark Knight of Karameikos, Ruins of Greyhawk.