Reasonable Threat Intelligence

Managed Service Providers Under Attack
In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse. The IT Vendor was subsequently urged to pay ransom of [...]

February 28th, 2019 | Best Practices, Cyber Security, Data Protection, Governance, Information Security, SEC, Uncategorized

SEC Plows the Field of Cyber-Enforcement

Takeaways from the Voya Breach and Settlement (Order distributed on September 26, 2018)
Voya Financial Services, Inc. (“VFA”)
Similar to past enforcements and, notably, the 2015 action and settlement with R.T. Jones, the SEC has invoked Rule 30(a) of Regulation S-P (the “Safeguards Rule”) in a broad swipe at a firm’s weak [...]

November 5th, 2018 | Cyber Security

SEC Observations on Cybersecurity Sweep 2

Suggestions to Achieve Greater Maturity
On Monday, the SEC released “Observations” on the seminal 2015 Cybersecurity Examination Initiative or what they are now referring to as “Sweep 2.” While we find this document to be an unremarkable kitchen-sink of cyber-findings, the SEC has offered a concept for what they consider to be [...]

August 13th, 2017 | Cyber Security

Regulatory Rollback and Cybersecurity

Should Current Political Winds Impact Your Approach?
A tremor ripped through the Investment Adviser and Broker-Dealer space last week as President Trump signed an Executive Memorandum, a call to investigate the “Fiduciary Rule” and a likely precursor to specific attempts to roll back the Dodd–Frank “Wall Street Reform and Consumer Protection Act”. [...]

February 7th, 2017 | Cyber Security

2017 Exam Priorities – The SEC & The Cyberlandscape

Examination Priorities - Making Your Program Real
The Priorities: More of The Same
The SEC launched its 2017 Exam priorities last week. For the last couple of years, when the long-awaited priorities have been released, I have been reminded of a press conference that the late Presidential candidate and Senator, Fred Thompson [...]

January 17th, 2017 | Cyber Security

Inventories Revisited

Inventories Revisited - Making Your Asset Lists Work for You
IT Security in the Investment Adviser space faces an interesting quandary: does security drive compliance, or does compliance drive security? From the security side, the continuous call is that compliance with regulations should come as a result of good security. In essence, [...]

September 27th, 2016 | Cyber Security

Form ADV Amendments & Internet Presence

In the final, sleepy week of Summer on the 25th of August, the SEC adopted rule changes and additions to Form ADV which were proposed in May of 2015. The justification for the scope creep of information and “big data” is to fill gaps in intelligence, modernize, and enhance information provided to both [...]

September 5th, 2016 | Cyber Security

Zero Days for Investment Advisers

The Direct Impact of Stuxnet on the SEC and Investment Advisers
Now that Alex Gibney’s remarkable documentary about the proliferation of the Stuxnet malware is available on Amazon, a wider audience and modest infosec professionals can enjoy the slow motion train wreck that has all investment advisers discussing cybersecurity. If you are [...]

August 9th, 2016 | Cyber Security

The Formal Business Continuity and Transition Plan

On June 28th, the SEC announced that it is building upon its body of rules and expectations driven by concerns over cybersecurity and technology failures. The proposed Rule will require firms to “adopt and implement written business continuity and transition plans that include certain specific components, and to maintain relevant records of [...]

July 12th, 2016 | Cyber Security

DLP Revisited Through The Lens of Enforcement

What You Should Know About MSSB's Enforcement
Last year’s RT Jones enforcement was a shot across the bow to Investment Advisers of all sizes that the SEC was paying attention to cybersecurity and was taking it seriously. Fast forward to June 8, 2016 and to Morgan Stanley Smith Barney’s (MSSB) cybersecurity [...]

June 13th, 2016 | Cyber Security