Don't Forget to Share this Post

Create Information Security Plans, SEC Tells Advisers

By Mary Beth Hamilton | Thursday, June 11th, 2015

Welcome to the third installment of our SEC Cybersecurity Guidance Update video series. Our third (and last) video covers what the SEC is telling registered investment advisers about having written information policies and procedures. You can watch the first two videos below or HERE and HERE.


Contact Eze Castle Integration for help in creating a Written Information Security Plan.

Read the Highlights

First up, the SEC advises firms to have a Written Information Security Policy that includes:

  • A Business Operations Assessment,

  • Technical Policy Assessment,

  • Regulation Requirement Overview,

  • Cybersecurity Incident Response Guidelines,

  • Third Party Risk Assessment Guidance, and

  • Employee Guidelines

Next, ensuring clear ownership of the firm’s cybersecurity plans is critical. A CISO or Incident Response team should be appointed to facilitate rapid resolution following an incident. Key elements of a response plan should include:

  • Appropriate identification and escalation of incidents;

  • Communication to internal and external parties; and

  • Mitigation of risk and exposure.

Employees are oftentimes cited as a firm’s greatest weakness, but they can also act as your firm’s first line of defense against security threats. Conduct proper employee training on information security via online tools, tabletop exercises and scenario planning. Also be prepared to educate investors about the safeguards your firm has implemented to counteract security threats. You’ll also want to ensure any third party providers with access to your data are implementing equally stringent policies.

Watch Part 1: Recapping SEC Cyber Risk Guidance on Assessments



Watch Part 2: SEC Cyber security Guidance on Strategy


Contact Eze Castle Integration for help in creating a Written Information Security Plan.

Hedge Fund Cybersecurity Info Center
Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!