Early this month, the SEC Division of Investment Management issued an Investment Management Guidance Update on cybersecurity. The guidance identifies several measures investment advisors and investment managers should consider implementing as they continue to build their cybersecurity strategy.
Some requirements include:
A designated information security professional handling all cyber matters;
Periodic risk assessments that evaluate data classification, data storage and transmission, vulnerabilities across the network, controls and processes in place, potential systems impact, and overall IT governance;
Action plans to prevent, mitigate, detect, and respond to cyber incidents, including institution of technology processes and controls and incident planning;
Adoption of written information security policies and incident response plans, as well as staff training;
Ongoing threat intelligence and awareness; and
Service provider review, oversight, and management.
Firms should not view this information as the SEC attempting to control their actions. This mandate is to protect the firm's assets, its people, private investors and institutional investors. At Knox, we want firms to trade, advise and invest with a clear mind, knowing their business and livelihood are protected from threats and regulatory fines.
For more information, please contact us!