The CCO and the Keys to the Kingdom
As investment advisers and broker-dealers consider sophisticated and costly monitoring tools as a panacea for IT security, we still find a regular need for fundamental information practices, which could have a much greater impact on preventing and controlling a breach. The good news for businesses, whether you consider the firm to be [...]
They Are, In Fact, Out To Get You
Teaching the Security Mindset to Your Organization
We’ve all heard the old adage “the best defense is a good offense.” When it comes to cybersecurity, that is certainly true. Defensive measures such as antivirus and antimalware, web content filtering, and spam blocking are all reactive strategies. They rely on previously identified [...]
5 Questions for your IT Consultant
Death, Taxes, and Vendor Breach
The CCO's Guide for Approaching the IT Consultant
Almost every engagement we undertake has Vendor Management considerations. This makes sense as every day more and more Investment Adviser and Broker-Dealer processes are outsourced. While outsourcing can make life easier in many ways, the unavoidable responsibility of third-party [...]
5 Offensive Measures for the CCO
The SEC is Afraid. Are You?
Painful Cyber-Realities and 5 Offensive Measures for the CCO
For several years, we have steered clear of fear and doubt-based incentives for practicing good IT security. As the Head of the Division of Investment Management noted in a speech yesterday, the unfortunate reality is that [...]
Passwords – The Starting Point
Strong Passwords and SEC Enforcement
Enforcements pertaining to passwords? There’s only been one cybersecurity enforcement and it pertained to a lack of policy and procedure, right? (We’re referring here to R.T. Jones.) Wrong. In 2008 LPL Financial Corporation was enforced for willfully violating Rule 30(a), “The Safeguards Rule,” by having insufficient [...]
Five Vulnerability Mitigation Tips
Managing Vulnerabilities In Your Office
As part of its second cybersecurity sweep, the SEC is asking advisers and broker-dealers about their vulnerability management process. When a regulator starts asking about vulnerability management, the first thought most people have is pointing to vulnerability scanning as we have written about in previous [...]