As investment advisers and broker-dealers consider sophisticated and costly monitoring tools as a panacea for IT Security, we still find a regular need for fundamental information practices, which could have a much greater impact on preventing and controlling breach. The good news for businesses, whether you consider the firm to be [...]

Teaching the Security Mindset to Your Organization We’ve all heard the old adage “the best defense is a good offense.” When it comes to cybersecurity that is certainly true. Defensive measures such as antivirus and antimalware, web content filtering, and spam blocking are all reactive strategies. They rely on previously identified [...]

Death, Taxes, and Vendor Breach The CCO's Guide for Approaching the IT Consultant Almost every engagement we undertake has Vendor Management considerations. This makes sense as every day more and more Investment Adviser and Broker-Dealer processes are outsourced. While outsourcing can make life easier in many ways, the unavoidable responsibility of third-party [...]

The SEC is Afraid. Are You? Painful Cyber-Realities and 5 Offensive Measures for the CCO For several years, we have steered clear of fear and doubt-based incentives for practicing good IT security. As the Head of the Division of Investment Management noted in a speech yesterday, the unfortunate reality is that [...]

Managing Vulnerabilities In Your Office As part of its second cybersecurity sweep, the SEC is asking advisers and broker dealers about their vulnerability management process. When a regulator starts asking about vulnerability management, the first thought most people have is pointing to vulnerability scanning as we have written about in previous [...]