SEC Pushes Increased Cyber Vigilance
This week, the SEC's Office of Compliance Inspections and Examinations (less frighteningly, the "OCIE") put out its report on Cybersecurity and Resiliency Observations.
Before you take a nap, stick with me for 30 more seconds to get the goods.
OCIE has highlighted information security as a key risk for security market participants, and has included it as a key element in its examination program over the past eight years.
In the report, the OCIE highlights industry best practices for cyber risk management, including:
- Governance and Risk Management
- Access Rights and Controls
- Data Loss Prevention (DLP)
- Mobile Security
- Incident Response and Resiliency
- Vendor Management
- Training and Awareness
Let's take a quick view into the elements of a compliant Training and Awareness program:
- Policies and Procedures - train staff on organization's cybersecurity procedures to build a security-minded culture
- Real-World Examples - utilize relevant training content and send real-world phishing tests
- Measure Effectiveness - monitor every employee's performance in the program and continuously update content to match latest risks
As risks and regulations increase, financial institutions are turning to INFIMA's fully automated Cyber Security Training to keep their teams safe.
Want to learn more? Start here!
See OCIE's full publication here.
[https://www.sec.gov/files/OCIE%20Cybersecurity%20and%20Resiliency%20Observations.pdf?mod=article_inline]
INFIMA Security Newsletter
Join the newsletter to receive the latest updates in your inbox.
Criminal Courts Hacked, Docs Leaked
With Courts sending and receiving tons of email with attachments, they are a ripe target for a crafty Phish.
What Do Canon, Jack Daniels and Carnival Cruises Have In Common?
You may patronize each of these companies on vacation, and now hackers are taking a lot of that money for themselves.
