Windows 10, Vendor Due Diligence, and Reg S-P

Windows 10 Upgrade Due Diligence for Investment Advisers and Broker Dealers

Why are we talking about upgrading workstations and laptops in a blog that, to date, has focused pretty heavily on IT Issues and Regulatory Compliance? It’s not that we’re changing our focus. It’s that you, as a CCO, need to [...]

May 24th, 2016 | Cyber Security

Immutable Security Laws For The CCO

Immutable Security Laws For The CCO - #7 - The Well-Administered Network

I recently had the chance to hear David Glockner, Director of the Chicago Regional Office, speak on IT Security and have a few words with him on the subject. The Chicago Office, of course, led the effort on the R.T. [...]

May 18th, 2016 | Cyber Security

The CCO and the Keys to the Kingdom

As investment advisers and broker-dealers consider sophisticated and costly monitoring tools as a panacea for IT Security, we still find a regular need for fundamental information practices, which could have a much greater impact on preventing and controlling breach. The good news for businesses, whether you consider the firm to be small [...]

May 2nd, 2016 | Cyber Security

They Are, In Fact, Out To Get You

Teaching the Security Mindset to Your Organization

We’ve all heard the old adage “the best defense is a good offense.” When it comes to cybersecurity, that is certainly true. Defensive measures such as antivirus and antimalware, web content filtering, and spam blocking are all reactive strategies. They rely on previously identified definitions [...]

April 12th, 2016 | Cyber Security

5 Questions for your IT Consultant

Death, Taxes, and Vendor Breach: The CCO's Guide for Approaching the IT Consultant

Almost every engagement we undertake has Vendor Management considerations. This makes sense as every day more and more Investment Adviser and Broker-Dealer processes are outsourced. While outsourcing can make life easier in many ways, the unavoidable responsibility of third-party due [...]

April 5th, 2016 | Cyber Security

5 Offensive Measures for the CCO

The SEC is Afraid. Are You? Painful Cyber-Realities and 5 Offensive Measures for the CCO

For several years, we have steered clear of fear and doubt-based incentives for practicing good IT security. As the Head of the Division of Investment Management noted in a speech yesterday, the unfortunate reality is that there [...]

March 15th, 2016 | Cyber Security

Passwords – The Starting Point

Strong Passwords and SEC Enforcement

Enforcements pertaining to passwords? There’s only been one cybersecurity enforcement and it pertained to a lack of policy and procedure, right? (We’re referring here to R.T. Jones) Wrong. In 2008 LPL Financial Corporation was enforced for willfully violating Rule 30(a), “The Safeguards Rule,” by having insufficient security [...]

March 8th, 2016 | Cyber Security, SEC

Five Vulnerability Mitigation Tips

Managing Vulnerabilities In Your Office

As part of its second cybersecurity sweep, the SEC is asking advisers and broker dealers about their vulnerability management process. When a regulator starts asking about vulnerability management, the first thought most people have is pointing to vulnerability scanning as we have written about in previous posts. [...]

March 1st, 2016 | Cyber Security

Preparing for a Vulnerability Scan

5 Notions for Adding Value while Meeting SEC Regulatory Expectations

Vulnerability Management is not the easiest concept to grasp, but, if you are attempting to define it, you are probably ahead of most of your peers in demonstrating IT security and corresponding program maturity. As Lyman Terni pointed out in a recent [...]

February 16th, 2016 | Cyber Security

The Annual Review and Cybersecurity

The 206(4)-7 Annual Review and Cybersecurity. Steps for the CCO to Consider and Elements of the Compliance Rule

Now is the perfect time to consider the incorporation of IT Security/Cybersecurity into the Annual Review process. While ownership of the Compliance and the IT functions may belong to management, there is no getting around [...]

February 2nd, 2016 | Cyber Security