CYBERSECURITY STRATEGIES to Ensure SEC Compliance, 2ND EDITION

©2017 IA Watch. All Rights Reserved. ARGSECCG2

CYBERSECURITY Strategies to Ensure SEC Compliance, 2nd Edition

©2018 IA Watch. All Rights Reserved. ARGSECCG2

Cybersecurity Strategies to Ensure SEC Compliance, 2nd Edition

Table of Contents

Cybersecurity Best Practices and Guidance

1 Introduction ..... 1

2 Amid widening attacks, cybersecurity solutions run the gamut ..... 5

3 An unpleasant surprise: Peer shares horror of a ransomware attack ..... 8

4 Would cybersecurity concerns cause you to question uploading sensitive records to the SEC? ..... 10

5 What’s this ‘NIST cybersecurity framework’ everyone keeps talking about? ..... 12

6 Hack of SEC’s EDGAR system increases concerns over CAT data security ..... 18

7 Advisers react to Equifax hack attack with client safety facts ..... 20

8 Tips to shore up your cybersecurity efforts ..... 21

9 Cybersecurity confidence a concern for many firms ..... 24

10 OCIE risk alert provides a virtual cybersecurity compliance template ..... 25

11 IAs falling short on plans for notifying customers of material cybersecurity events ..... 27

12 Data breach costs rising in U.S. and declining globally, study reveals ..... 29

13 OCIE issues cybersecurity risk alert as WannaCry goes global ..... 31

14 Colorado is the latest state to propose cybersecurity requirements for IAs/B-Ds ..... 33

15 As more details emerge about cyber incident, effective solutions can seem elusive ..... 35

16 A breach likely will require notification to clients ..... 38

17 Time matters if your firm finds itself under a ransomware attack ..... 39

18 When building your cybersecurity defenses, don’t forget staff’s remote access ..... 42

19 Breach offers lessons for how cyber shenanigans can occur – and be detected ..... 44

20 Five steps to take when you suspect you’re a victim of a cyber attack ..... 46

21 Establishing a breach response plan that you hope you’ll never have to turn to ..... 48

22 FinCEN encourages use of SARs to report cybersecurity events, N.Y. proposes rule ..... 50

23 Cybersecurity: Tackling the all-important data classification policy ..... 51

24 Don’t keep your head in the clouds when your files reside there ..... 53

Cybersecurity Sample Documents, Tools and Policies

The companion CD features the tools printed in this handbook.

1 Guide to Using OCIE’s Encrypted E-mail System ..... 57

2 The NIST Cybersecurity Framework in Excel ..... 69

3 A Cybersecurity Checklist for Small Firms ..... 77

4 A Data Breach Incident Response Plan ..... 81

5 Cybersecurity Security Roles and Responsibilities ..... 95

6 OCIE Cyber Sweep Letter #2 ..... 99

7 FinCEN FAQs on Reporting Cyber-Events on SARs ..... 109

8 A Sample Data Classification Policy (#1) ..... 117

9 A Sample Data Classification Policy (#2) ..... 125

10 A Sample Data Classification Policy (#3) ..... 129

11 A Cybersecurity Incident Response Plan ..... 135

12 A Remote Access Control P&P ..... 141

13 A Cybersecurity Due Diligence Questionnaire for Vendors ..... 151

14 An example of an IA Cybersecurity Plan ..... 155

15 Examples of Cybersecurity Tests ..... 171

16 A Sample Cybersecurity P&P ..... 175

SEC Risk Alerts Specific to Cybersecurity

1 OCIE Cybersecurity Risk Alert (August 2017) ..... 185

2 OCIE Cybersecurity Ransomware Alert (May 2017) ..... 193

3 OCIE Cybersecurity Risk Alert (September 2015) ..... 197

4 OCIE Cybersecurity Risk Alert (April 2014) ..... 207

Investment Management Guidance

1 Cybersecurity Guidance from the SEC’s Investment Management Division (2015) ..... 221

COPYRIGHT INFORMATION:

Published by Simplify Compliance & IA Watch
9737 Washingtonian Blvd., Ste. 502
Gaithersburg, MD 20878-7364
www.iawatch.com
www.regcompliancewatch.com

Cybersecurity Strategies to Ensure SEC Compliance, 2nd Edition

Publisher: Hugh Kennedy | 1-844-421-6333, ext. 4030 | [email protected]

Copyright ©2018 IA Watch. All Rights Reserved. Copyright violations will be prosecuted. IA Watch shares 10% of the net proceeds of settlements or jury awards with individuals who provide essential evidence of illegal photocopying or electronic redistribution. To report violations contact: Jim Beecher, President, 9737 Washingtonian Blvd., Ste. 502, Gaithersburg, MD 20878. Confidential line: 1-844-421-6333, ext. 4051; e-mail: [email protected].

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, without permission in writing from the publisher. Reprint permission is available by calling Stuart Gilman at 1-844-421-6333, ext. 4040 or via email: [email protected]

PUBLISHED BY:

9737 Washingtonian Blvd., Suite 502
Gaithersburg, MD 20878-7364
www.iawatch.com
1-844-421-6333