Observations From SEC Cybersecurity Examinations

posted in: Privacy & Data Security | 0

Cybersecurity is all the rage and appropriately, the SEC recently concluded its second cybersecurity exam initiative of investment advisers, broker-dealers and investment companies.

The examinations focused on the firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were implemented and followed. In addition, the SEC sought to better understand how firms managed their cybersecurity preparedness by focusing on the following areas: (1) governance and risk assessment; (2) access rights and controls; (3) data loss prevention; (4) vendor management; (5) training; and (6) incident response.

You can access the complete report here.