Wall Street & Technology is part of the Informa Tech Division of Informa PLC


SEC Requests Financial Firms' Security Details

SEC asks 50 businesses for copies of their security policies, procedures, and controls in an effort to help the industry bolster cybersecurity protection.

The Securities and Exchange Commission plans to study the information security policies, procedures, and levels of preparedness of businesses in the financial services sector.

In an announcement issued earlier this month, the SEC's Office of Compliance Inspections and Examinations (OCIE) said it would be "conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity" -- government-speak for anything involving information, computers, and security.

The agency's stated rationale for conducting the examinations is to "help identify areas where the Commission and the industry can work together to protect investors and our capital markets from cybersecurity threats." Interestingly, the agency added that "this guidance is not a rule, regulation, or statement of the commission," suggesting that the information would be amassed -- at least initially -- only for information-gathering purposes.

What form will those examinations take? While no final version of the exam has been released, the OCIE included in its announcement a 28-question sample cybersecurity document that poses questions around such areas as risk identification, safeguarding firms' networks, securing remote customer access and fund-transfer requests, working with vendors, and detecting unauthorized activity. The agency said the questions are based in part on the "Framework for Improving Critical Infrastructure Cybersecurity" released by the National Institute of Standards and Technology in February.

Read the full story on Dark Reading.

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
