
As a reaction to a number of major corporate and accounting scandals (namely Enron and WorldCom), twenty years ago the Sarbanes-Oxley Act (SOX) was enacted. The law is almost certainly present in the day-to-day professional lives of every public company CFO and CEO.

Arguably, SOX has improved transparency and investor confidence in US capital markets. By imposing strict new controls over financial reporting processes, mandating criminal penalties for senior executives who certify false financial statements, enacting new regulations ensuring auditor independence, and strengthening Board oversight and governance, Congress accomplished what it set out to do: end the rash of accounting scandals that plagued financial markets in the early 2000s.

Fast forward 20 years, and we are faced with a steady stream of cybersecurity events. This week, the SEC charged SolarWinds and its Chief Information Security Officer with fraud and internal control failures.

CISO criminal liability is something the cybersecurity community has been watching closely over the past several years. The fresh SEC charges against SolarWinds and its CISO come on the heels of a judge sentencing the Uber CISO to three years’ probation for his role in the cover-up of a 2016 data breach at Uber. Threatening executives with jail time is a powerful motivator. Just as the implementation of SOX materially strengthened financial controls and reporting, expect technology executives to insist on stronger cyber risk programs and mechanisms to provably demonstrate cyber posture:

  • Increased use of quantitative frameworks to supplement opinion and professional judgement in cyber risk decision making
  • CISO participation in regulatory disclosure process
  • Larger cyber risk budget requests to close security control gaps
  • Pay increases for qualified CISOs to compensate for personal risk
  • Increased scrutiny on the contracted liability “teeth” for cybersecurity functions that are outsourced

The cybersecurity space is awash with tooling. Even highly mature cyber risk programs find it difficult to translate the effectiveness of their tooling into a form that risk governance teams can consume, so that those teams know which cyber risk investments are appropriate and can react quickly in this highly dynamic space. Unlike financial controls, which are relatively static over time, cyber controls faced with active adversaries must constantly evolve. Establishing an effective cyber risk governance structure and maintaining clear accountability within that structure is critical when making material statements about the current state of your security program.

Need a clear perspective on your cybersecurity?

GoSecure can guide you.

GoSecure Titan® Threat Modeler provides cyber risk executives a dynamic view of the effectiveness and appropriateness of their control tools in light of relevant threats.


Explore GoSecure Penetration Testing Services, Advisory Services and GoSecure Titan® Threat Modeler for a comprehensive view of your cyber posture. When combined with robust offensive testing from our penetration testing services, which validates technical control efficacy, and with our advisory services, which conduct GRC assessment programs that evaluate the maturity of the security program, GoSecure Titan® Threat Modeler provides quantitatively rigorous and compelling evidence of effective control coverage against emerging threats, which supports strategic control investments and cyber risk posture in general. Validate your security efficacy with GoSecure Titan® Threat Modeler combined with GoSecure Penetration Testing Services and Advisory Services.

