The Securities and Exchange Commission's (SEC's) exam division released on Monday a guide to best practices it's observed in exams to combat cybersecurity infractions, data loss, and privacy breaches.
In its 13-page Cybersecurity and Resiliency Observations report, the Office of Compliance Inspections and Examinations (OCIE) details practices examiners have observed in the following areas: governance and risk management, access and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.
In sharing the staff observations, OCIE said that it encourages market participants to review their practices, policies, and procedures with respect to cybersecurity and operational resiliency.
"We believe that assessing your level of preparedness and implementing some or all of the … measures will make your organization more secure," the report states.
"As markets, market participants, and their vendors have increasingly relied on technology, including digital connections and systems, cybersecurity risk management has become essential," the report adds.
"Indeed, in an environment in which cyber threat actors are becoming more aggressive and sophisticated—and in some cases are backed by substantial resources including from nation-state actors—firms participating in the securities markets, market infrastructure providers, and vendors should all appropriately monitor, assess, and manage their cybersecurity risk profiles, including their operational resiliency."
In the area of mobile security, for instance, "mobile devices and applications may create additional and unique vulnerabilities," the report notes.
OCIE has observed the following mobile security measures at organizations utilizing mobile applications:
- Policies and procedures. Establishing policies and procedures for the use of mobile devices.
- Managing the use of mobile devices. Using a mobile device management (MDM) application or similar technology for an organization's business, including email communication, calendar, data storage, and other activities. If using a "bring your own device" policy, ensuring that the MDM solution works with all mobile phone/device operating systems.
- Implementing security measures. Requiring the use of multi-factor authentication for all internal and external users. Taking steps to prevent printing, copying, pasting, or saving information to personally owned computers, smartphones, or tablets. Ensuring the ability to remotely clear data and content from a device that belongs to a former employee or from a lost device.
- Training employees. Training employees on mobile device policies and effective practices to protect mobile devices.
From: ThinkAdvisor