About Lyman Terni

This author has not yet filled in any details.
So far Lyman Terni has created 56 blog entries.

They Are, In Fact, Out To Get You

Teaching the Security Mindset to Your Organization We’ve all heard the old adage “the best defense is a good offense.” When it comes to cybersecurity that is certainly true. Defensive measures such as antivirus and antimalware, web content filtering, and spam blocking are all reactive strategies. They rely on previously identified definitions [...]

By |2018-01-17T15:16:39-05:00April 12th, 2016|Cyber Security|Comments Off on They Are, In Fact, Out To Get You

5 Questions for your IT Consultant

Death, Taxes, and Vendor Breach The CCO's Guide for Approaching the IT Consultant Almost every engagement we undertake has Vendor Management considerations. This makes sense as every day more and more Investment Adviser and Broker-Dealer processes are outsourced. While outsourcing can make life easier in many ways, the unavoidable responsibility of third-party due [...]

By |2018-01-17T15:25:49-05:00April 5th, 2016|Cyber Security|Comments Off on 5 Questions for your IT Consultant

5 Offensive Measures for the CCO

The SEC is Afraid. Are You? Painful Cyber-Realities and 5 Offensive Measures for the CCO For several years, we have steered clear of fear and doubt-based incentives for practicing good IT security. As the Head of the Division of Investment Management noted in a speech yesterday, the unfortunate reality is that there [...]

By |2018-01-17T15:44:50-05:00March 15th, 2016|Cyber Security|Comments Off on 5 Offensive Measures for the CCO

Passwords – The Starting Point

Strong Passwords and SEC Enforcement Enforcements pertaining to passwords? There’s only been one cybersecurity enforcement and it pertained to a lack of policy and procedure, right? (We’re referring here to R.T. Jones) Wrong. In 2008 LPL Financial Corporation was enforced for willfully violating Rule 30(a), “The Safeguards Rule,” by having insufficient security [...]

By |2018-01-17T15:47:59-05:00March 8th, 2016|Cyber Security, SEC|Comments Off on Passwords – The Starting Point

Five Vulnerability Mitigation Tips

Managing Vulnerabilities In Your Office As part of its second cybersecurity sweep, the SEC is asking advisers and broker dealers about their vulnerability management process. When a regulator starts asking about vulnerability management, the first thought most people have is pointing to vulnerability scanning as we have written about in previous posts. [...]

By |2018-01-17T15:57:55-05:00March 1st, 2016|Cyber Security|Comments Off on Five Vulnerability Mitigation Tips

Preparing for a Vulnerability Scan

5 Notions for Adding Value while Meeting SEC Regulatory Expectations Vulnerability Management is not the easiest concept to grasp, but, if you are attempting to define it, you are probably ahead of most of your peers in demonstrating IT security and corresponding program maturity. As Lyman Terni pointed out in a recent [...]

By |2018-01-17T16:01:29-05:00February 16th, 2016|Cyber Security|Comments Off on Preparing for a Vulnerability Scan

The Annual Review and Cybersecurity

The 206(4)-7 Annual Review and Cybersecurity. Steps for the CCO to Consider and Elements of the Compliance Rule Now is the perfect time to consider the incorporation of IT Security/Cybersecurity into the Annual Review process. While ownership of the Compliance and the IT functions may belong to management, there is no getting around [...]

By |2018-01-18T10:07:55-05:00February 2nd, 2016|Cyber Security|Comments Off on The Annual Review and Cybersecurity

Cybersecurity Training For Your Employees – 5 Must Dos

Training your employees to be cyberaware and cybersecure January’s initial flurry of activity is winding down, and you are likely beginning to think about your annual compliance review, including mandatory compliance training. At this time last year, we were eagerly awaiting the results of the SEC’s First Cybersecurity Sweep. The 2015 Exam [...]

By |2021-03-02T10:42:09-05:00January 19th, 2016|Cyber Security|Comments Off on Cybersecurity Training For Your Employees – 5 Must Dos

Identifying Vulnerabilities: A Key Step in Securing Your Program

Vulnerability Scanning, The SEC, and You: The First Step in Securing your Network Introduction In the last several years, the speak coming from regulators, customers, and vendors has all been centered on cybersecurity: what it is and how to have “good cybersecurity” or how to be “cybersecure”. By this point, we all realize [...]

By |2018-01-18T10:15:12-05:00January 12th, 2016|Cyber Security|Comments Off on Identifying Vulnerabilities: A Key Step in Securing Your Program

Evolving Cybersecurity Controls for 2016

Thinking out of the Box with WARP: (Whitelisting, App Blocking, Red Teams, and Pentesting) Many businesses across highly regulated industries, like investment advisers and broker dealers, are thinking in terms of "How do we check the Cybersecurity box?" Federal- and Agency-Level regulatory initiatives, as discussed in our last post of 2015, have [...]

By |2018-01-18T10:19:13-05:00January 6th, 2016|Cyber Security|Comments Off on Evolving Cybersecurity Controls for 2016
Go to Top