This guidance provides the Division of Corporation Finance's views regarding disclosure obligations relating to cyber security risks and cyber incidents. The statements in this CF Disclosure Guidance represent the views of the Division of Corporation Finance. This guidance is not a rule, regulation, or statement of the Securities and Exchange Commission.

As part of our commitment to helping companies to safely collect and use consumer data to power their businesses, we wanted to get behind the headlines and find out what effect the events of 2013 have had on consumer privacy concerns and provide an accurate picture of the potential impact this could have on businesses in the year ahead.

Enabling a streamlined, automated, and collaborative approach to vendor risk management with MetricStream.

Introduction: Corporations often depend on hundreds of vendors to fulfill their business processes. Single sourcing puts institutions at risk by making them too dependent on one vendor. On the other hand, multiple sourcing dilutes vendor accountability, and makes vendor collaboration and coordination much more challenging.

Introduction: Information technology risk teams know well that the scope of IT risks can be very broad – ranging from technical security risk, to IT operations risk, through to operational risk and enterprise risk.

Enterprises, merchants and payment processors face severe, ongoing challenges securing their networks and high value sensitive data such as payment cardholder data, to comply with the Payment Card Industry Data Security Standard (PCI DSS) and data privacy laws. Voltage SST Technology Delivers Advanced Protection for Sensitive Corporate Data.

Overview: As business operations scale up and become increasingly dependent on Information Technology (IT), IT environments will continue to become more complex, exposing organizations to a wide array of risks, threats, and vulnerabilities that have a direct impact on the performance of the enterprise.

A growing regional air carrier needed a way to protect its customer data and achieve compliance at both level-1 and level-2 classifications. The Voltage Security solution combines the following technologies to deliver a simple and cost-effective solution across the entire company: Voltage Secure Stateless Tokenization (SST) technology, Voltage Format-Preserving Encryption (FPE), and Voltage Page-Integrated Encryption (PIE).

In today's global business environment, companies are increasingly finding their employees, business practices, and IT systems stretched across international boundaries. However, one element of a global enterprise remains surprisingly local: how to effectively manage data residency requirements and data privacy regulations.

The Payment Card Industry (PCI) Data Security Standard (DSS) 2.01 dictates that organizations processing and storing credit card data just comply with a set of well-defined audit requirements in twelve areas of cardholder data management and privacy. Compliance with PCI DSS 2.0 can be expensive, challenging, time-consuming, and disruptive, as cardholder data is often stored, transmitted, and used in many different applications within an organization, sometimes even beyond the organization's IT firewalls.

Catbird vSecurity is an integrated network security solution purpose-built for virtualized infrastructure with continuous monitoring, automated enforcement, and real-time proof of compliance capabilities that accelerate virtualization and dramatically increase operational efficiencies.

As a member of the VMware Partner Network, Catbird published this addendum to the VMware Solution Guide for PCI DSS. Forsythe, a QSA, has confirmed that Catbird control elements are in line with PCI Guidance. Catbird vSecurity enables continuous policy monitoring and automated enforcement for the PCI DSS framework.

Co-sponsored by Catbird and VigiTrust, this paper addresses overcoming the challenges of scoping for Cardholder Data, including scope management, assessment preparation, continuous compliance considerations, operation impacts and do's and don'ts of virtualization security.

Investing in risk management means investing in business sustainability – designing a comprehensive business continuity and disaster recovery plan is about analyzing the impact of a business interruption on revenue.