5 Notions for Adding Value while Meeting SEC Regulatory Expectations Vulnerability Management is not the easiest concept to grasp, but, if you are attempting to define it, you are probably ahead of most of your peers in demonstrating IT security and corresponding program maturity. As Lyman Terni pointed out in a [...]

The 206(4)-7 Annual Review and Cybersecurity. Steps for the CCO to Consider and Elements of the Compliance Rule Now is the perfect time to consider the incorporation of IT Security/Cybersecurity into the Annual Review process. While ownership of the Compliance and the IT functions may belong to management, there is no getting [...]

Training your employees to be cyberaware and cybersecure January’s initial flurry of activity is winding down, and you are likely beginning to think about your annual compliance review, including mandatory compliance training. At this time last year, we were eagerly awaiting the results of the SEC’s First Cybersecurity Sweep. The 2015 [...]

Vulnerability Scanning, The SEC, and You: The First Step in Securing your Network Introduction In the last several years, the speak coming from regulators, customers, and vendors has all been centered on cybersecurity: what it is and how to have “good cybersecurity” or how to be “cybersecure”. By this point, we all [...]

Thinking out of the Box with WARP: (Whitelisting, App Blocking, Red Teams, and Pentesting) Many businesses across highly regulated industries, like investment advisers and broker dealers, are thinking in terms of "How do we check the Cybersecurity box?" Federal- and Agency-Level regulatory initiatives, as discussed in our last post of 2015, [...]

Cybersecurity is the CCO’s Monkey. A Lookback at a Landmark Year for Cybersecurity If 2013 represented a flashpoint for Cybersecurity, the year in which front-page breach, Advanced Persistent Threats, and the Presidential Executive Order (13636) ignited public awareness, 2015 is the year in which Regulatory response has fueled the fully engulfed fire. [...]