Cybersecurity Initiative – Compliance Building

When You Look And Find That You Are The Problem

Doug Cornelius September 21, 2017September 26, 2017 Cybersecurity [+]

Cybersecurity is hard. It’s nearly impossible to stop an attack. If someone really wants in, they can continue to attack and attack until they find a gap. It’s hard to know that you have been breached until well after the breach. It may be just as hard to figure out what was accessed and what … Read more »

The SEC’s Cybersecurity Smackdown

Doug Cornelius September 25, 2015September 26, 2017 Cybersecurity [+]

Last week the Securities and Exchange Commission issued a new risk alert on cybersecurity and this week the SEC announced a new action for a cybersecurity breach. The action is just as bad as I thought it could be. It also shows that the SEC is misplaced in being a cybersecurity enforcer. R.T. Jones Capital … Read more »

Cybersecurity Exams Part II: More Governance

Doug Cornelius September 16, 2015September 26, 2017 Cybersecurity [+]

Last year, the Securities and Exchange Commission raised a cloud of concern when it started its cybersecurity initiative aimed at broker/dealers, investment advisers and fund managers. Based on an interview in April it seems that initiative would continue into a phase 2. The SEC recently released its OCIE’s 2015 Cybersecurity Examination Initiative. According to the … Read more »

SEC Issues Cybersecurity Guidance

Doug Cornelius April 30, 2015September 26, 2017 Cybersecurity [+]

Last year, the SEC raised a cloud of concern when it started its cybersecurity initiative aimed at broker/dealers, investment advisers and fund managers. Based on an interview last month it seems that initiative would continue into a phase 2. The SEC recently released its Cybersecurity Guidance that enunciates some steps investment advisers and fund managers … Read more »

Cybersecurity Sweep Phase 2

Doug Cornelius March 11, 2015September 26, 2017 Cybersecurity [+]

According to a story in IA Watch, advisers should expect a second phase of the SEC’s look at cybersecurity. In an interview with IA Watch on March 9, Jane Jarcho, OCIE’s national associate director of the Investment Adviser/Investment Company exam program, described the current thinking behind its “phase 2” initiative around cybersecurity. According to the … Read more »

What Ever Happened to the SEC’s Cybersecurity Sweep?

Doug Cornelius February 4, 2015September 26, 2017 Cybersecurity [+]

The Securities and Exchange Commission put the financial sector in a tizzy when it announced a sweep exam addressing cybersecurity last April. Along with the announcement came a detailed document request list that would make most compliance officers’ heads spin. The problem with the cybersecurity sweep is that it seems to be coming from the … Read more »

Weekend Reading: Countdown to Zero Day

Doug Cornelius October 25, 2014September 26, 2017 Book reviews [+]

We were in a cyber war with Iran. Kim Zetter unravels the story of Stuxnet, the US computer attack on Iran’s nuclear program in Countdown to Zero Day. A few months ago, I read A Time to Attack urging a US military attack on Iran. That book highlighted how Iran had been building a nuclear program … Read more »

Cybersecurity and Private Funds

Doug Cornelius April 28, 2014September 26, 2017 Cybersecurity [+]

The Securities and Exchange Commission has off-an-on expressed concerns about cybersecurity for broker-dealers and registered investment advisers. Now it’s officially concerned. The SEC’s Office of Compliance Inspections and Examinations has announced a new cybersecurity initiative. The Risk Alert follows the announcement of a technology element in OCIE’s 2014 examination priorities and the SEC’s March 26, 2014 … Read more »