Reasonable Threat Intelligence

Managed Service Providers Under Attack
In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse. The IT Vendor was subsequently urged to pay ransom of [...]

SEC Plows the Field of Cyber-Enforcement

Takeaways from the Voya Breach and Settlement (Order distributed on September 26, 2018)
Voya Financial Services, Inc. (“VFA”)
Similar to past enforcements and, notably, the 2015 action and settlement with R.T. Jones, the SEC has invoked Rule 30(a) of Regulation S-P (the “Safeguards Rule”) in a broad swipe at a firm’s weak [...]

November 5th, 2018 | Cyber Security

SEC Observations on Cybersecurity Sweep 2

Suggestions to Achieve Greater Maturity
On Monday, the SEC released “Observations” on the seminal 2015 Cybersecurity Examination Initiative or what they are now referring to as “Sweep 2.” While we find this document to be an unremarkable kitchen-sink of cyber-findings, the SEC has offered a concept for what they consider to be [...]

August 13th, 2017 | Cyber Security

Regulatory Rollback and Cybersecurity

Should Current Political Winds Impact Your Approach?
A tremor ripped through the Investment Adviser and Broker-Dealer space last week as President Trump signed an Executive Memorandum, a call to investigate the “Fiduciary Rule” and a likely precursor to specific attempts to roll back the Dodd–Frank “Wall Street Reform and Consumer Protection Act”. [...]

February 7th, 2017 | Cyber Security

Inventories Revisited

Inventories Revisited - Making Your Asset Lists Work for You
IT Security in the Investment Adviser space faces an interesting quandary: does security drive compliance, or does compliance drive security? From the security side, the continuous call is that compliance with regulations should come as a result of good security. In essence, [...]

September 27th, 2016 | Cyber Security

Form ADV Amendments & Internet Presence

In the final, sleepy week of Summer on the 25th of August, the SEC adopted rule changes and additions to Form ADV which were proposed in May of 2015. The justification for the scope creep of information and “big data” is to fill gaps in intelligence, modernize, and enhance information provided to both [...]

September 5th, 2016 | Cyber Security

Zero Days for Investment Advisers

The Direct Impact of Stuxnet on the SEC and Investment Advisers
Now that Alex Gibney’s remarkable documentary about the proliferation of the Stuxnet malware is available on Amazon, a wider audience and modest infosec professionals can enjoy the slow motion train wreck that has all investment advisers discussing cybersecurity. If you are [...]

August 9th, 2016 | Cyber Security

The Formal Business Continuity and Transition Plan

On June 28th, the SEC announced that it is building upon its body of rules and expectations driven by concerns over cybersecurity and technology failures. The proposed Rule will require firms to “adopt and implement written business continuity and transition plans that include certain specific components, and to maintain relevant records of [...]

July 12th, 2016 | Cyber Security