Cybersecurity Training For Your Employees – 5 Must Dos

Training your employees to be cyberaware and cybersecure

January’s initial flurry of activity is winding down, and you are likely beginning to think about your annual compliance review, including mandatory compliance training. At this time last year, we were eagerly awaiting the results of the SEC’s First Cybersecurity Sweep. The 2015 Exam [...]

January 19th, 2016 | Cyber Security

Identifying Vulnerabilities: A Key Step in Securing Your Program

Vulnerability Scanning, The SEC, and You: The First Step in Securing your Network

Introduction

In the last several years, the talk coming from regulators, customers, and vendors has all been centered on cybersecurity: what it is and how to have “good cybersecurity” or how to be “cybersecure”. By this point, we all realize [...]

January 12th, 2016 | Cyber Security

Evolving Cybersecurity Controls for 2016

Thinking out of the Box with WARP: (Whitelisting, App Blocking, Red Teams, and Pentesting)

Many businesses across highly regulated industries, like investment advisers and broker dealers, are thinking in terms of "How do we check the Cybersecurity box?" Federal- and Agency-Level regulatory initiatives, as discussed in our last post of 2015, have [...]

January 6th, 2016 | Cyber Security

Regulatory Compliance Drives IT Security in 2015

Cybersecurity is the CCO’s Monkey. A Lookback at a Landmark Year for Cybersecurity

If 2013 represented a flashpoint for Cybersecurity, the year in which front-page breaches, Advanced Persistent Threats, and the Presidential Executive Order (13636) ignited public awareness, 2015 is the year in which Regulatory response has fueled the fully engulfed fire. At [...]

December 14th, 2015 | Cyber Security

Data Loss Prevention – The SEC’s Expansive View

Information Technology professionals typically view Data Loss Prevention in a rather narrow way: DLP is a set of tools, products, and/or practices that can be used to monitor for or restrict the transmission of sensitive data outside of a given organization. Operating under this assumption, Data Loss Prevention can be an excellent [...]

November 17th, 2015 | Cyber Security

Employee Onboarding – Laying the Foundation for a Secure Workforce

Oftentimes, a company-wide shift in policy can seem a daunting task. Many of the people we speak to discuss their desire to promote cybersecurity and to meet newly-discovered regulatory obligations. “But,” they ask, “where do I begin? My staff have been doing [...]

November 10th, 2015 | Cyber Security

Reducing Your Attack Surface

Six Considerations for Investment Advisers and the CCO

The concept of “Attack Surface” with respect to IT program exposure has become more relevant due to the advent of new technologies such as cloud-based services and applications, the proliferation of mobile devices for business use, and the acceleration of breach activities. As your [...]

November 3rd, 2015 | Cyber Security

Information Governance Part 1: “The Stakes”

Understanding the SEC's Focus on Governance

“There is no such thing as bad publicity,” a notorious circus promoter allegedly once said.[1] And cybersecurity sure has had its fair share lately. Hardly a month, week or day goes by without another news flash that some company, government institution or law enforcement agency has [...]

October 21st, 2015 | Cyber Security

Lessons From Cyber Enforcement for the CCO

5 Steps for Advisers and Broker-Dealers in the Wake of R.T. Jones

The SEC’s Order referenced R.T. Jones’s failure “to adopt any written policies and procedures reasonably designed to safeguard its clients’ PII as required by the Safeguards Rule.” This isn’t the first time the Commission has invoked Rule 30(a) of Regulation [...]

October 13th, 2015 | Cyber Security

SEC Fires the Second Round on Cyber Exams

The Future of The SEC Exam is Here. How to Respond to the New Request.

Last week the SEC Office of Compliance Inspections and Examinations (“OCIE”) released its second Cybersecurity Examination Initiative; the first shot was fired in April, 2014 and was more commonly referred to as the “Cybersecurity Sweep Document Request.” [...]

September 22nd, 2015 | Cyber Security