Training your employees to be cyberaware and cybersecure January’s initial flurry of activity is winding down, and you are likely beginning to think about your annual compliance review, including mandatory compliance training. At this time last year, we were eagerly awaiting the results of the SEC’s First Cybersecurity Sweep. The 2015 Exam [...]

Vulnerability Scanning, The SEC, and You: The First Step in Securing your Network Introduction In the last several years, the speak coming from regulators, customers, and vendors has all been centered on cybersecurity: what it is and how to have “good cybersecurity” or how to be “cybersecure”. By this point, we all realize [...]

Thinking out of the Box with WARP: (Whitelisting, App Blocking, Red Teams, and Pentesting) Many businesses across highly regulated industries, like investment advisers and broker dealers, are thinking in terms of "How do we check the Cybersecurity box?" Federal- and Agency-Level regulatory initiatives, as discussed in our last post of 2015, have [...]

Cybersecurity is the CCO’s Monkey. A Lookback at a Landmark Year for Cybersecurity If 2013 represented a flashpoint for Cybersecurity, the year in which front-page breach, Advanced Persistent Threats, and the Presidential Executive Order (13636) ignited public awareness, 2015 is the year in which Regulatory response has fueled the fully engulfed fire. At [...]

Information Technology professionals typically view Data Loss Prevention in a rather narrow way: DLP is a set of tools, products, and/or practices that can be used to monitor for or restrict the transmission of sensitive data outside of a given organization. Operating under this assumption, Data Loss Prevention can be an excellent [...]

EMPLOYEE ONBOARDING – LAYING THE FOUNDATION FOR A SECURE WORKFORCE Oftentimes, a company-wide shift in policy can seem a daunting task. Many of the people we speak to discuss their desire to promote cybersecurity and to meet newly-discovered regulatory obligations. “But,” they ask, “where do I begin? My staff have been doing [...]

Six Considerations for Investment Advisers and the CCO The concept of “Attack Surface” with respect to IT program exposure has become more relevant due to the advent of new technologies such as cloud-based services and applications, the proliferation of mobile devices for business use, and the acceleration of breach activities. As your [...]

Understanding the SEC's Focus on Governance “There is no such thing as bad publicity,” a notorious circus promoter allegedly once said.[1]  And cybersecurity sure has had its fair share lately.  Hardly a month, week or day goes by without another news flash that some company, government institution or law enforcement agency has [...]

5 Steps for Advisers and Broker-Dealers in the Wake of R.T. Jones The SEC’s Order referenced R.T. Jones’s failure “to adopt any written policies and procedures reasonably designed to safeguard its clients’ PII as required by the Safeguards Rule.”  This isn’t the first time the Commission has invoked Rule 30(a) of Regulation [...]

The Future of The SEC Exam is Here. How to Respond to the New Request. Last week the SEC Office of Compliance Inspections and Examinations (“OCIE”) released its second Cybersecurity Examination Initiative; the first shot was fired in April, 2014 and was more commonly referred to as the “Cybersecurity Sweep Document Request.” [...]