Don't Forget to Share this Post

SEC Cybersecurity Risk Update, Part 2: Prevent, Detect, Respond

By Kaleigh Alessandro | Tuesday, June 9th, 2015

In Part 1 of the SEC's recent cybersecurity guidance update, the regulatory body highlighted the need for cyber risk assessments across multiple areas of a registered firm's organization. Continuing to address how firms should prepare for security incidents beforehand, Part 2 of the SEC's guidance update focuses on how hedge funds and registered investment advisers should prevent, detect and respond to security incidents.

Take a look at the latest installment of our video series or scroll down to read a brief recap.

Read the Highlights

Part 2 of the SEC's cybersecurity guidance is focused on preventing, detecting and responding to cybersecurity incidents, both from a technical and operational standpoint. Here are some highlights:

  • Employ a security strategy that features layers of security to protect all systems and data. This includes everything from anti-virus software and hardware and software firewalls to intrusion detection systems, encryption technology and application filters.

  • The next step is controlling access. At Eze Castle Integration, we recommend employing the principle of least privilege across all systems and data, thereby limiting access to only those who need it.

  • When classifying data, firms should identify what data needs to be encrypted. Confidential data should be encrypted in transit, and some firms may determine certain critical information must be encrypted at rest, as well.

  • The SEC also advises firms to restrict the use of removable storage media and to deploy software that monitors technology systems for unauthorized intrusions.

  • A backup and retrieval process is also critical to allowing firms to recover should a cybersecurity attack occur.

  • Finally, rapid incident response is essential to minimizing the impact of a security breach. With a comprehensive incident response plan in place and well-communicated, employees can act swiftly and businesses can resume normal operations in a timely manner.

For more information on cybersecurity risk preparedness, visit our Hedge Fund Cybersecurity Information Center.

Watch Part 1: Recapping SEC Cyber Risk Guidance on Assessments

.
 

Hedge Fund Cybersecurity Info Center
Don't Forget to Share this Post

Related Posts

Q&A Summary of Major Themes and Takeaways from ECI’s Webinar on New SEC Cybersecurity Rules
Webinar Recap: What Financial Firms Need to Know About Upcoming SEC Rules on Cybersecurity, Part 2
Webinar Recap: What Financial Firms Need to Know About Upcoming SEC Rules on Cybersecurity, Part 1
Why Your Firm Needs a Governance, Risk and Compliance (GRC) Program
A Comprehensive Approach to Security Automation
A “Just Right” Approach for Just-in-Time Access Management

How Can Eze Castle Integration help you?Contact us today!

Contact Us