SEC Publishes Cybersecurity Practices of Financial Industry

The US Securities and Exchange Commission (SEC) has published a 10-page document detailing cybersecurity practices observed to be in use in the financial industry.

The observations were gathered by the SEC's Office of Compliance Inspections (OCIE) and are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants.

OCIE issued the examination observations yesterday on the SEC website with the hope of providing firms with guidelines for how to strengthen their cybersecurity. 

The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They also examine how companies have responded with resiliency in the wake of a cybersecurity incident. 

While acknowledging that there is no one-size-fits-all approach when it comes to cybersecurity, OCIE recommended establishing an incident response plan and contacting local authorities or the Federal Bureau of Investigation (FBI) if an attack or compromise is discovered or suspected. 

OCIE also advised training employees to detect threats and implementing a mobile device management solution for the workplace that covers all devices employees use under a "bring your own device" policy.

"Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency," said Peter Driscoll, director of OCIE. 

"We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices."

To prevent data loss, OCIE recommended establishing a patch management program covering all software and hardware and verifying that the decommissioning and disposal of any hardware and software does not create system vulnerabilities.  

"Data systems are critical to the functioning of our markets, and cybersecurity and resiliency are at the core of OCIE’s inspection efforts," said SEC chairman Jay Clayton. 

"I commend OCIE for compiling and sharing these observations with the industry and the public and encourage market participants to incorporate this information into their cybersecurity assessments."
