The Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) recently released a Risk Alert that provides further cybersecurity guidance for financial services firms, with a specific focus on protecting broker-dealer and investment advisor customer information. What are the takeaways from this latest SEC Risk Alert?
The SEC recently announced its Cybersecurity Examination Initiative, an effort to address the numerous data breaches and cyberattacks against financial services firms. According to the SEC, the initiative is designed to "build off OCIE's previous examinations" and concentrate more on cybersecurity preparedness. Based on the findings of those earlier examinations, the SEC informed regulated financial services firms that it will focus on six key areas in upcoming examinations. Firms subject to examination by OCIE should review their practices in each of these six areas to increase the likelihood of a favorable result. The areas of focus are:
- Governance and risk assessment
- Access rights and controls
- Data loss prevention
- Vendor management
- Training
- Incident response
These six areas will be the focus of upcoming examinations, but they are only a small portion of the requirements subject to audit under the program. Firms subject to these examinations should review the full SEC Risk Alert, OCIE's 2015 Cybersecurity Examination Initiative, rather than preparing for the six focus areas alone.