SEC Publishes Cybersecurity Practices of Financial Industry

The US Securities and Exchange Commission (SEC) has published a 10-page document detailing cybersecurity practices observed to be in use in the financial industry.

The observations were gathered by the SEC's Office of Compliance Inspections (OCIE) and are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants.

OCIE issued the examination observations yesterday on the SEC website with the hope of providing firms with guidelines for how to strengthen their cybersecurity. 

The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They also examine how companies have responded with resiliency in the wake of a cybersecurity incident. 

While acknowledging that there is no one-size-fits-all approach when it comes to cybersecurity, OCIE recommended establishing an incident response plan and contacting local authorities or the Federal Bureau of Investigation (FBI) if an attack or compromise is discovered or suspected. 

Training employees on how to detect threats was advised, along with implementing a mobile device management solution for the workplace that covered all devices used by employees under a "bring your own device" policy.

"Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency," said Peter Driscoll, director of OCIE. 

"We felt it w ..

Support the originator by clicking the read the rest link below.