Eze Castle Integration

Eze Castle Blog


4 Common IT Challenges for Alternative Investment Firms

By Olivia Munro,
Thursday, November 1st, 2018

For alternative investment firms, there are a number of business and operational challenges to navigate on a daily basis. With the evolving IT landscape and new technologies and best practices emerging, it can be difficult to stay up to speed. Here, we’ll outline four common IT challenges for alternative investment firms.

1.) Cybersecurity

With the security landscape becoming more complicated, it can be a challenge for alternative investment firms to stay up to date with the latest and greatest trends and technologies in security. Hackers are becoming more sophisticated, and social engineering attacks are on the rise, so it is crucial to ensure that your firm has the right protections and level of security to keep your confidential information safe.

To decipher which means of security are right for your firm, you need to look at your company size and risk profile. Suffering a breach or a cybersecurity incident can be harmful to your organization’s reputation, which in turn is harmful to your bottom line. You can use our Cybersecurity Checklist to see the technologies and safeguards Eze Castle offers based on which tier you choose, Standard or Advanced.

2.) Adopting New Technology

Technology adoption is a common challenge for firms of all sizes. Smaller firms may not have the budget or resources to dedicate to the adoption of new technology, while larger firms face their own set of challenges, with more end-users, and potentially bandwidth restrictions of their own.

Whether adopting new applications or migrating to the cloud, having a trusted third-party vendor to guide you through the selection and implementation process can be invaluable. Using these vendors as consultants can help your firm navigate IT and technology decisions and choose the best fit for your firm. When choosing a vendor for your technology needs, be sure to choose a firm with industry-leading, best-of-breed solutions and 24x7x365 support.

Categorized under: Trends We're Seeing  Cloud Computing  Security  Operational Due Diligence  Outsourcing  Hedge Fund Operations  Hedge Fund Regulation 



The Starting Blocks to Bulletproofing Your Network

By Olivia Munro,
Thursday, August 9th, 2018

Today, security threats are ever present and constantly evolving, keeping firms on their toes and cybersecurity in the headlines. Financial institutions need to ensure that their network and systems are running smoothly and their data is safe and sound. At Eze Castle Integration, we believe in employing a layered approach to cybersecurity, meaning, having layers of technology in addition to policies and procedures in place to ensure security. Some of our top tips for bulletproofing your firm's network include:

The Basics

On a basic level, firms should utilize anti-virus software and network firewalls, which will reduce traffic to the firm's network. Ensure that anti-virus software and all programs are up to date so that hackers and malware aren't able to sneak into the system. Additionally, making sure that all Microsoft patches are deployed in a timely manner is a security best practice, and there can be serious implications for your firm's security if you are not patching properly.

Active Threat Protection

With Eze Active Threat Protection, or Eze ATP, firms can take a fully managed approach to securing their network. Eze ATP has a three-step approach to threat protection:

  • Intrusion Prevention

  • 24x7 Monitoring

  • Incident Response

 

Categorized under: Security  Outsourcing  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Software  Trends We're Seeing 



Making a Case for the Cloud to Your CXOs

By Eze Castle Integration,
Tuesday, June 5th, 2018

As your firm's IT Manager or Chief Technology Officer, you may be tasked with evaluating and directing the strategic technology initiatives at your firm. Unfortunately, this doesn’t always mean that you have the final say on how and when your firm makes technology-related decisions. That responsibility, in many cases, falls to the Chief Operating Officer or Chief Financial Officer, and in many cases, that individual does not have a technology background. It’s up to you, then, to ensure you provide your CXOs with the right information to make an informed decision about your firm’s technology foundation.
 
To assist in this process, let's walk through some of the primary considerations senior management (C-level execs) will weigh when evaluating a move to the cloud.

Cloud Migration Drivers: Is Cost Always the Primary Factor?

Many CFOs feel the best way to justify a new technology to non-technical senior management is to provide a sound and logical cost comparison. And when it comes to the cloud, yes – cost is a big factor and a serious selling point.

Categorized under: Cloud Computing  Security  Outsourcing  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing  Videos And Infographics 



What is the Difference Between a Written Information Security Plan and a Business Continuity Plan?

By Olivia Munro,
Tuesday, May 15th, 2018

There is no doubt that in today's world, data security and privacy is a hot topic. With the upcoming General Data Protection Regulation (GDPR) in the EU and cybersecurity constantly being in the headlines, investment firms are constantly facing scrutiny and questions from investors on what measures they take to secure their data. While most organizations have a formal cybersecurity posture, it is also crucial to have a Written Information Security Plan, also known as a WISP, and a Business Continuity Plan, also known as a BCP. While these are both formal plans to protect your organization, many firms confuse the two.

What is a Written Information Security Plan (WISP)?

A WISP details policies and procedures for ensuring confidential data is protected, how it is being protected, and who is ensuring it is protected. A WISP includes both administrative and technical safeguards that your organization has in place. Anyone or any company that has access to client or employee information needs to make sure that they implement the appropriate level of both administrative and technical safeguards.

Some examples of administrative safeguards include:

  • Definitions of confidential data and how it is protected

  • Where confidential data is located (shared drive, externally hosted, hard copy format, etc.)

  • Monitoring who has access to confidential data and ensuring only the necessary people are able to access the data

  • Roles and responsibilities for responding to a data breach or cyber incident and internal and external communication procedures for responding to incidents

Categorized under: Security  Operational Due Diligence  Outsourcing  Hedge Fund Operations  Hedge Fund Regulation  Business Continuity Planning  Trends We're Seeing 



The Steps to Create Information Security Plan (Part 2)

By Olivia Munro,
Thursday, April 19th, 2018

In our previous post, we outlined what an information security plan is, why your firm needs one, and the first three steps of building a plan. Now, let's dive into steps four through nine on building an Information Security Plan to protect your firm.

Steps to Create an Information Security Plan:

Step 4: Classify Data

Step 5: Evaluate Available Security

Step 6: Perform a Cyber Risk Assessment

Step 7: Perform a Third-Party Risk Assessment

For a list of questions to ask and pro-tips, download the full eBook "9 Steps to Create an Information Security Plan".

Step 8: Create an Incident Response Plan
 

Step 9: Training and Testing Employees

Connect with Eze Castle Integration today to learn more!

Categorized under: Security  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



9 Steps to Create Information Security Plan (Part 1)

By Olivia Munro,
Tuesday, April 17th, 2018

In part one of this two-part blog series, we'll cover what an information security plan is, why your firm needs one, and the first three steps to create a plan. 

What is an Information Security Plan?

An information security plan is documentation of a firm's plan and systems put in place to protect personal information and sensitive company data. This plan can mitigate threats against your organization, as well as help your firm protect the integrity, confidentiality, and availability of your data.

Steps to Create an Information Security Plan:

Step 1: Perform a Regulatory Review and Landscape

Step 2: Specify Governance, Oversight & Responsibility

Step 3: Take Inventory of Assets

In our next blog post, we'll continue the series and post steps four through nine on how to create an information security plan. You can also download our eBook to get a comprehensive list of the nine steps, including pro-tips and resources relevant to financial firms.


Categorized under: Cloud Computing  Security  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



IT Trends Watch: Cybersecurity + Cloud Outsourcing

By Olivia Munro,
Thursday, March 15th, 2018

With the technology landscape evolving at such a fast pace, it is crucial to keep an eye on IT trends throughout the year. Some common themes to watch in IT: Cybersecurity and Cloud Outsourcing.

Cybersecurity

Cybersecurity continues to take center stage in IT Trends for 2018. With past and recent cybersecurity breaches like WannaCry, the Equifax breach, and others, the financial industry, and all industries really, are on high alert to ensure that their organization doesn’t fall victim to one of these popular attacks.

Phishing & Social Engineering

Tying into Cybersecurity, phishing and social engineering continue to be a challenge for organizations. With phishing and social engineering schemes becoming more sophisticated and hackers becoming more advanced, it is crucial to keep this top of mind to avoid financial or personal loss. For tips to combat phishing and social engineering, register for our webinar on March 28th and hear from Eze Castle’s Phishing and Social Engineering experts on steps your firm can take to mitigate risks from these types of attacks.

Categorized under: Trends We're Seeing  Cloud Computing  Security  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure 



Completing Your Post IT Audit Homework

By Olivia Munro,
Thursday, February 1st, 2018

So you took all the steps to prepare for your technology and cyber audit, and you still received findings. That is to be expected! Most organizations come away with findings post-audit as there is always room for improvement.  It can be especially overwhelming to prioritize the findings, especially if your firm comes away with a long list of action items.

Common findings after a technology and cyber audit include:

  • Missing policies: Password policies or Access Control policies

  • Complying with the rules, but not providing proper documentation to verify that you are doing so

  • Providing non-specific timelines in your documentation

  • Documentation lacking how you measure and track remote testing, training and scope

  • Inaccuracies in products, service descriptions or deliverables

Where should your firm start with the findings? How much will it cost? What is necessary and what is considered inessential or overkill? These are all valid questions we hear every day from firms after an independent audit.

Categorized under: Hedge Fund Regulation 



12 Steps to Prepare for an Upcoming Tech & Cyber Audit

By Olivia Munro,
Tuesday, January 30th, 2018

All too often we hear from firms before an audit asking what they can do to make the audit process go as smoothly as possible. Fortunately, there are steps you can take to ensure a stress-free audit. In this two-part blog series, we will help you create a checklist to prepare for your audit and also remediate the findings post-audit.

12 Steps to Prepare for an Upcoming Audit:

  1. Notify internal and external partners that an audit is happening.

    Your team and partners should be prepared to act quickly to remediate the findings or provide any documentation the auditors request. Ask for any updated documentation or information that would be included within the audit.

  2. Understand what you have: perform a technology and asset inventory.

    Understanding what your firm has in terms of assets in the form of both hardware and software can help your firm prepare for an audit.

  3. Prepare to ask your auditor for a document checklist to make sure you have everything located and prepared.

    Having documents in one central location can save both your auditors and your team time and stress.

  4. Ensure that your firm has a log of relevant written policies or procedures.

    Having proper documentation of all administrative policies ahead of time and in a central location can save your team from scrambling during the audit.

Categorized under: Cloud Computing  Security  Operational Due Diligence  Hedge Fund Operations  Hedge Fund Regulation 



9 Steps to Create an Information Security Plan (Webinar Replay)

By Olivia Munro,
Tuesday, January 16th, 2018

In today's changing regulatory and investor landscape, Information Security Plans are critical for hedge funds and investment management firms to comply with SEC regulations, due diligence requests and state laws. In our recent webinar, we had our in-house information security experts weigh in on Information Security Plans: what they are, why they are important, and the 9 steps your firm can take to create one.

What is an Information Security Plan and Why Have One?

An Information Security Plan can take on many forms, but generally it is a collection of policies and procedures around your information and data security. Some plans encapsulate all firm policies and procedures relating to data, and others work on a high level to give visibility and appease regulators. It is important to note that there are different ways to approach and prepare a firm for cybersecurity-related risks and regulatory requirements to the business. Having an Information Security Plan is crucial because it is not a matter of if, but when, your firm will need a plan in place to react to an information security incident.

9 Steps to Create an Information Security Plan:

  1. Regulatory Review and Landscape 

    All businesses have requirements, and your firm needs to know what is necessary from a regulatory perspective. Requirements can come from international bodies, federal agencies, state, or even industry-specific bodies, in addition to external pressures that can come from investors, auditors, and external partners.

  2. Governance Oversight and Responsibility 

    Everyone within your organization has a role in information security, but creating a Computer Information Security Response Team (CISRT) to make sure that all employees within the company follow policy can ensure internal compliance.

Categorized under: Security  Hedge Fund Regulation 


