Reasonable Threat Intelligence

Managed Service Providers Under Attack In the past month, a Managed Service Provider (MSP), or what many registered investment advisers might utilize as their outsourced IT Provider, was breached, exposing up to 2000 user endpoints to issues of disruption and perhaps worse.  The IT Vendor was subsequently urged to pay ransom of [...]

Passwords – The Starting Point

Strong Passwords and SEC Enforcement Enforcements pertaining to passwords? There’s only been one cybersecurity enforcement and it pertained to a lack of policy and procedure, right? (We’re referring here to R.T. Jones) Wrong. In 2008 LPL Financial Corporation was enforced for willfully violating Rule 30(a), “The Safeguards Rule,” by having insufficient security [...]

By |2018-01-17T15:47:59-04:00March 8th, 2016|Cyber Security, SEC|0 Comments

The SEC at RSA 2015: Focus on Breach and Disclosure

At the 2015 RSA conference, Commissioner Aguilar’s Chief of Staff, Smeta Ramarathnam, participated in a panel titled “Full Disclosure: What Companies Should Tell Investors About Cyber Incidents.”  While Aguilar’s emissary reminded us of the importance of general cybersecurity risk disclosure, her message focused upon the disclosure of breach events, stating that the [...]

By |2018-01-25T21:47:42-04:00April 28th, 2015|Cyber Security, SEC|0 Comments

Aguilar Speaks (But You Should Read the Footnotes)

In a prepared speech at the Georgia Law Review Annual Symposium, SEC Commissioner Luis A. Aguilar covered a broad range of topics under the heading of “Preparing for Regulatory Challenges of the 21st Century.” Main points covered the ever-evolving markets and the need for high-quality information. In his closing statement, the Commissioner [...]

By |2018-01-26T17:43:55-04:00March 31st, 2015|Best Practices, SEC|0 Comments