Cybersecurity is the CCO’s Monkey. A Lookback at a Landmark Year for Cybersecurity If 2013 represented a flashpoint for Cybersecurity, the year in which front-page breach, Advanced Persistent Threats, and the Presidential Executive Order (13636) ignited public awareness, 2015 is the year in which Regulatory response has fueled the fully engulfed fire. At [...]
11 Key Reasons To Develop a Governance Plan For much of the Information Age, allowing information (even after its business function is fulfilled and there is no other obligation to keep it) to accumulate was relatively risk-free since storage devices were so cheap. But recently, three important developments have changed all this: [...]
Information Technology professionals typically view Data Loss Prevention in a rather narrow way: DLP is a set of tools, products, and/or practices that can be used to monitor for or restrict the transmission of sensitive data outside of a given organization. Operating under this assumption, Data Loss Prevention can be an excellent [...]
EMPLOYEE ONBOARDING – LAYING THE FOUNDATION FOR A SECURE WORKFORCE Oftentimes, a company-wide shift in policy can seem a daunting task. Many of the people we speak to discuss their desire to promote cybersecurity and to meet newly-discovered regulatory obligations. “But,” they ask, “where do I begin? My staff have been doing [...]
Six Considerations for Investment Advisers and the CCO The concept of “Attack Surface” with respect to IT program exposure has become more relevant due to the advent of new technologies such as cloud-based services and applications, the proliferation of mobile devices for business use, and the acceleration of breach activities. As your [...]
Understanding the SEC's Focus on Governance “There is no such thing as bad publicity,” a notorious circus promoter allegedly once said.[1] And cybersecurity sure has had its fair share lately. Hardly a month, week or day goes by without another news flash that some company, government institution or law enforcement agency has [...]
5 Steps for Advisers and Broker-Dealers in the Wake of R.T. Jones The SEC’s Order referenced R.T. Jones’s failure “to adopt any written policies and procedures reasonably designed to safeguard its clients’ PII as required by the Safeguards Rule.” This isn’t the first time the Commission has invoked Rule 30(a) of Regulation [...]
The Future of The SEC Exam is Here. How to Respond to the New Request. Last week the SEC Office of Compliance Inspections and Examinations (“OCIE”) released its second Cybersecurity Examination Initiative; the first shot was fired in April, 2014 and was more commonly referred to as the “Cybersecurity Sweep Document Request.” [...]
Boards and C-Suites in Shareholders' Legal Crosshairs for Data Breaches As companies attempt to balance data security and privacy with data utility, security breaches have exploded in frequency. Hardly a month passes without headlines of a business experiencing a data breach involving the unauthorized disclosure of consumers’ personal and financial information. These [...]
Logical Encryption Controls to Secure Your Firm Encryption is all the rage today. Regulators are asking firms about their encryption policies, and those who do not have well-executed strategies can find themselves at risk of examination deficiencies or enforcement. With NSA spying allegations, the general public has begun to understand that encryption [...]