February 2015: FINRA Report Released: Cyber-Security Practices
[Diagram: Feed Forward / Feed Back; Large Banks, Proprietary Trading, Online Brokerage]
[Diagram: Risk Assessment; define policies, processes, structures, controls tailored to cybersecurity risks]
[Diagram labels: Technical Control, Cyber Insurance, Information Sharing, Governance and Risk Management, Vendor Management, Incident Response Plan, Staff Training]
Further, the firm stored the customer data on a computer with an internet
connection and did not encrypt the information.
21860 Burbank Blvd North Building, Suite 150 Woodland Hills, CA 91367
www.finracompliance.com
5) In response to its findings, FINRA released standards for brokerage and
investment firms to implement as a means to protect customer and firm data
from threats and attacks. FINRA created a summary of effective principles and
practices leading to a sound cyber-security program. Brokerage and
investment firms need to analyze their proficiency in these key areas to
ensure data is secure at all times. The key areas include: Governance and Risk
Management, Risk Assessment, Technical Control, Incident Response Plan,
Vendor Management, Staff Training, Information Sharing Practices, and Cyber
Insurance.
6) FINRA has cited, sanctioned, and fined firms with weak cyber-security
infrastructures. The report presents case study examples of firms' failures
to protect customer and company data. Hackers use sophisticated
methods to breach company records. Firms must stay on top of security
measures to ensure they are protected against common and not-so-common
threats.
7) In some cases there are simple measures that firms can implement to prevent
cyber attacks. Restricting access to and use of administrative-level passwords,
using strong passwords and frequently changing them, and maintaining antivirus
software are common practices. Firms must also implement strong prevention
tactics such as regular review of web logs for attempted breaches, testing
systems against breach, and using separate storage devices for customer data.
8) Firms must also recognize that risks are not entirely within their own control.
Some risks come from outsourced services and cloud-based computing
systems. Brokerage firms have less control over the security of cloud-based
systems and must review the procedures and security measures of their vendors
to ensure protection standards are implemented at the level that securities
brokerages are required to maintain.
9) FINRA reported several key concerns with cloud-based computing and
outsourced vendor services. Investment and securities firms must exercise
due diligence regarding whom they do business with and what those vendors' capabilities are.
Firms should interview vendor companies to identify which security measures
are in place and to ensure they are compliant with investment firm standards.
10) Cyber security is a growing risk to broker-dealers, investment advisers, hedge
fund managers, and family practices. RND Resources is actively engaged in
reviewing the cyber security programs of investment firms and practices,
making recommendations, and establishing procedural standards. It is
important for firms to have their cyber security strategy assessed for its
ability to prevent attacks and to recover quickly if one happens. Some states
have specific laws with regard to disclosure of cyber attacks. Firms must
maintain standards compliant with their local and state laws as well as
regulatory standards.
11) RND Resources, Inc. is leading securities and brokerage professionals to
successfully implement compliance with FINRA and SEC standards. We are
experts at helping firms reach their compliance goals. Our company is a
member of ISACA (Information Systems Audit and Control Association), which
serves to keep members informed of threats in the IT landscape and focuses
on IT governance. RND is also a member of NSCP, the National Society of
Compliance Professionals. Contact us for information about how we can help
your firm protect itself from attack and meet regulatory standards. Phone
(818) 657-0288 or visit our website at www.finracompliance.com.