Is Risk Assessment Mandatory Via Recent SEC and FINRA Guidance?

This may be one of those cases where regulatory expectation is just as important as the written Rule.  The Division of Investment Management's April 28 guidance used the following language: “In the staff’s view, there are a number of measures that funds and advisers may wish to consider in addressing cybersecurity risk.”  [...]

June 10th, 2015 | Best Practices, Cyber Security

Fraud, Breach, and Insider Activity

Just weeks ago, SEC Commissioner Aguilar’s Chief of Staff noted that the SEC is about to enter “a time of great change” regarding regulation for breach disclosure. Just weeks later, the guidance from the Division of Investment Management reinforced this notion by commenting that “in the staff’s view, funds and advisers should [...]

May 14th, 2015 | Best Practices, Cyber Security

DOJ Follows the SEC With Guidance on Breach Practices

Legal and Financial firms should be aware of and understand the guidance offered by the U.S. Department of Justice, Criminal Division, Cybersecurity Unit, titled “Best Practices for Victim Response and Reporting of Cyber Incidents”, which was issued last Friday, April 29, 2015. We sit up and pay attention when Executive Departments with [...]

May 7th, 2015 | Best Practices, Cyber Security, Data Protection

SEC Offers Cybersecurity Guidance

The SEC has offered definitive guidance on Cybersecurity, tying failures or shortcomings in practices to specific Rules and Regulations and paving the way for potential enforcement. While we have been discussing the path the SEC was implying for some months in the wake of the Cybersecurity Sweep results of February 3, 2015, [...]

May 4th, 2015 | Best Practices, Cyber Security, Data Protection

The SEC at RSA 2015: Focus on Breach and Disclosure

At the 2015 RSA conference, Commissioner Aguilar’s Chief of Staff, Smeta Ramarathnam, participated in a panel titled “Full Disclosure: What Companies Should Tell Investors About Cyber Incidents.”  While Aguilar’s emissary reminded us of the importance of general cybersecurity risk disclosure, her message focused upon the disclosure of breach events, stating that the [...]

April 28th, 2015 | Cyber Security, SEC

Incident Recovery: Getting Things Back To Normal

A cybersecurity event has occurred at your firm. Your team is deep into its incident response plan. Procedures that you put in place and have tested and improved over the years are flowing relatively smoothly to their conclusion. Forensics staff have been brought in to determine how the incident occurred, law enforcement [...]

April 21st, 2015 | Best Practices, Cyber Security

Incident Response Planning – Are You Ready?

Most companies have a cybersecurity plan of sorts in place already. When we speak, in general terms, about the first three key functions in the NIST Cybersecurity Framework, “Identify”, “Detect”, and “Protect”, we are met with understanding. After all, these categories make sense to all of us. Identifying those assets that need [...]

April 14th, 2015 | Best Practices, Cyber Security

Flash Point For Law Firms: Time to Act on Cybersecurity Practices

On March 26th, two days after our “Current State of Affairs” post for the Legal Industry, the New York Times reported on an internal Citigroup memo discussing specific breach and security shortcomings at Law Firms.[1] Further, an April 8th Dealbook piece is again discussing Law Firms as vendors to major banks and Wall St. Firms who must [...]

April 9th, 2015 | Best Practices, Cyber Security

Cybersecurity & The CCO – A Primer

Diligent CCOs know by this point that they have some responsibility when it comes to the security of their firm and its information. Most are only too painfully aware that within the heading of security, they must be informed on the topic of cybersecurity. But from where does this impetus derive? A [...]

April 8th, 2015 | Best Practices, Cyber Security

Law Firms: The Current State of Affairs

Periodically, the heat is turned up on the Legal Industry and recently the New York Times reported on the concept of information sharing between Wall Street Banks and Law Firms.[1] This came to mind as I had breakfast with one of the policy architects of the public/private initiative which led to the creation [...]

March 25th, 2015 | Best Practices, Cyber Security, Data Protection, Information Security