The SEC Has Published A Cybersecurity Preparedness Guide, Will You Pass The Audit?

Thursday, April 17, 2014 13:37

Tags: cybersecurity audit | exam | OCIE | sec

The U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers (RIAs), focusing on areas related to cybersecurity.


On March 26, 2014, the SEC sponsored a Cybersecurity Roundtable. The discussions emphasized the importance of gathering information and considering what additional steps should be taken to address cyber threats.


Examinations are designed to assess cybersecurity preparedness in the securities industry and to obtain information about the industry’s recent experiences with certain types of cyber threats.  These examinations will focus on:


1.  Your cybersecurity governance

2.  Identification and assessment of cybersecurity risks

3.  Protection of networks and information

4.  Risks associated with remote client access and funds transfer requests

5.  Risks associated with vendors and other third parties

6.  Detection of unauthorized activity

7.  Experiences with certain cybersecurity threats


The Commission has provided a sample request to help all firms be prepared for this examination:


What would happen if your firm did not pass one of these audits? Do you think your clients would feel safe trusting you with their sensitive information? Making sure the points listed in the document above are covered is important, but it can also be technical and time-consuming.


The best attack plan is to put together a team of professionals who specialize in each area. The team should consist of a law firm, an accounting firm, and an IT security firm such as Financial Computer Services.


With ProtectIT from Financial Computer Services, you will be able to show that your firm’s networks and systems are up to date and secure. Our continuous reporting system can compile all of the information you will need to provide to an auditor in minutes, not days. ProtectIT will assist with the following points the exam will focus on: the identification and assessment of cybersecurity risks, protection of networks and information, and the detection of unauthorized activity.

