Jan. 26, 2023
Good day, With respect to the following: "..Management’s role, and relevant expertise, in assessing and managing cybersecurity related risks and implementing related policies, procedures, and strategies.41" Taken from Federal Register / Vol. 87, No. 56 / Wednesday, March 23, 2022 / Proposed Rules How will the SEC evaluate what "relevant expertise" will be? Unless the US Government adopts a model that the person responsible (on behalf of the board) has the right qualifications and years of experience, the submissions by Registrants to the SEC will likely be a "check the box" approach and not align with the goals and objectives of this proposed obligation. Example: If the Board of Directors for ACME advises Jamal Washington is the cyber expert, because he possesses a Security+ certification and has five years of experience in cyber security, is likely going to result in shareholder value being inadvertently diminished. Sincerely, Carter Schoenberg