Don't Forget to Share this Post

SEC Outlines Cybersecurity Questions, Sets Magic Number at 50 Firms

By Mary Beth Hamilton | Tuesday, April 22nd, 2014

SEC Cybersecurity and logoThe SEC last week provided even more clarity into its growing focus on cybersecurity at broker dealers and registered investment advisers. A key takeaway in a Risk Alert issued on April 15, 2014, is that the Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity.

In order to help compliance professionals prepare and assess their firms’ responsive cybersecurity preparedness, OCIE has created a sample cybersecurity request document that outlines the types of questions firms can expect. OCIE is good to point out that these questions should not be considered all inclusive of the information that OCIE may request. OCIE will alter its request for information as it considers the specific circumstances presented by each firm’s particular systems or information technology environment.

You can find the Risk Alert and questions HERE.

Now What? Preparing for the SEC Cybersecurity Exam

The SEC was kind enough to provide a proverbial map of the directions it may take during a cybersecurity exam; now firms need to assess their internal processes and procedures as well as supporting technology. It is important to note that the SEC is just as interested in your Written Information Security Policy (WISP) as they are in your technology safeguards.

The areas the SEC outlined include:

  • Identification of Risks/Cybersecurity Governance

  • Protection of Firm Networks and Information

  • Risks Associated with Remote Customer Access and Funds Transfer Requests

  • Risks Associated with Vendors and Other Third Parties

  • Detection of Unauthorized Activity

  • Other: Identity theft red flags; Security breach incidents; Reported incident history.

Here at Eze Castle Integration, we are going through the questionnaire and beginning to work with clients to answer the various sections. Our WISP team is also on-call to begin the process of developing more comprehensive internal and external policies and procedures around security.

Your IT provider should be able to provide assistance, but policies and procedures are key too. 

Cybersecurity Hedge Fund Report


Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!