Cybersecurity For Brokers: 'Only The Paranoid Survive'
|
|
- Estella Porter
- 8 years ago
- Views:
Transcription
1 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY Phone: Fax: Cybersecurity For Brokers: 'Only The Paranoid Survive' Law360, New York (July 2, 2015, 10:32 AM ET) -- Duuun dun, duuun dun, dun, dun, dun, dun, dun, dun, BOM, BOM, dun,dun, dun, dun, dun, dun, doo dedoo, doo dedoo, dede doo, dede doo, dede doo[1] Just when you thought it was safe to go back in the water and have a quiet summer, U.S. Securities and Exchange Commission Commissioner Luis Aguilar hoisted the warning flags. At the end of June, he gave a wide-ranging speech addressing a number of cyber-related problems facing the securities industry.[2] Aguilar touched on cyberissues relevant to many key players, from issuers to exchanges, but his speech was particularly noteworthy for securities firms trying to stay afloat in the (cyber) shark-infested waters of today s technology-driven world. [3] His speech is the first by a commissioner to address in detail the results of the SEC s 2014 cybersecurity sweep exam of broker-dealers (BDs) and Brian L. Rubin investment advisers (IAs), and it is also the first to discuss cyber-related enforcement actions by the SEC. Securities firms would do well to take notice (and take all other necessary precautions including, but not limited to, battening down the hatches). This was No Boat Accident [4]: Results of the SEC s 2014 Cybersecurity Exam The SEC s 2014 cybersecurity sweep examined 57 BDs and 49 IAs on a number of cyber-related issues ranging from technical safeguards and cybergovernance to breach response.[5] The sweep s results, released in February 2015,[6] had some encouraging data; for example, 93 pecent of BDs (although just 83 percent of IAs) reported having written information security policies.[7] Nonetheless, as Aguilar noted, the sweep s results revealed areas that needed improvement. [8] Among the troubled waters Aguilar identified were the following: Firms cybersecurity policies and procedures generally failed to specify how firms would determine responsibility for client losses stemming from a cyberattack. [9] The SEC s exam found that the policies and procedures of 30 percent of BDs and 13 percent of IAs contain these provisions.[10] Aguilar s decision to highlight this statistic may suggest that the SEC views this issue as a basic, best practice that all firms should address.
2 While most firms conduct periodic risk assessments of their own systems, fewer firms conducted [risk] assessments of their vendors systems. [11] The SEC found that 84 percent of BDs and 32 percent of IAs conduct risk assessment of vendors that have access to their networks.[12] The stark difference between BDs and IAs suggests that Aguilar s criticism may have been aimed more at IAs, whose results in the SEC s sweep exam were generally not as positive as the results from BDs.[13] However, the fact that Aguilar highlighted vendors suggests that firms may want to consider how they handle the cyberpractices of their vendors. Particularly given that several high-profile breaches in recent years began with a vendor breach, it is not surprising that the SEC might focus on this issue. The Financial Industry Regulatory Authority has already brought an enforcement action for this issue. In February 2010, it sanctioned a firm for failing to establish policies and procedures that address and review administrative, technical, and physical safeguards for the protection of customer information involved in an arrangement by which a firm outsourced many of its compliance and operations functions to a nonaffiliated third party. [14] [O]nly two-thirds of broker-dealers and only one-third of advisers have elected to designate a chief information security officer, while cybersecurity insurance is carried by just over half of broker-dealers, and by less than a quarter of advisers. Aguilar called these numbers disappointing because both practices are common-sense precautions that have been shown to decrease the costs associated with data breaches. [15] While having a dedicated chief information security officer (CISO) may not make sense for all firms (particularly smaller firms), having a cyber point person may help ensure that fewer cyberissues fall through the cracks. Like a CISO, cyberinsurance may not be appropriate for all firms. As FINRA has suggested, firms might want to assess whether existing insurance policies cover any aspects of cybersecurity events, as well as the cost of a new policy and the nature of coverage... a new or enhanced cyberinsurance policy [will] provide. [16] FINRA also found, however, that firms purchase cybercoverage to transfer potential unmitigated risk that a cyberattack poses; to obtain coverage for gaps in existing insurance policies; and to reduce the risk of potential impact to a firm s financial statement that a cyberattack might cause.[17] I Think He s Come Back For His Noon Feeding [18]: Cybersecurity Enforcement Actions According to Aguilar, the SEC has been proactively examining how it can bring more cybersecurity enforcement actions using its existing authority. [19] Although he did not cite any specific examples, he did reference a 2011 enforcement action as an example of a case in which a firm failed to protect [its] customers confidential information. [20] Aguilar s decision to cite this case may suggest one issue that is being investigated by the SEC s enforcement staff during its current investigations into multiple data breaches. [21]
3 In the case cited by Aguilar,[22] a broker-dealer s chief compliance officer (CCO) was fined and censured after his firm experienced a series of data breaches. According to the CCO s settlement with the SEC, no single person or department directed or coordinated the firm s responses to the thefts. In addition, the firm s limited response or follow-up [to a series of breaches] repeatedly revealed the firm s policies and procedures for safeguarding customer information to be inadequate. Nonetheless, according to the SEC, the firm s CCO failed to update his firm s Regulation S-P policies and procedures to address the firm s known cyberdeficiencies. The SEC censured the CCO and fined him $15,000. Aguilar s decision to highlight this case suggests that, setting aside the low-hanging fruit (or floating shark bait, if you prefer), such as firms using the word password as their password,[23] the SEC s future cyber-related enforcement actions will most likely involve firms that did not adequately respond to breaches or known cyberdeficiencies. The SEC has brought at least one similar case. In September 2008, the commission sanctioned a firm that was hacked at the time it had been considering implementing auditors recommendations to strengthen its cybersecurity practices.[24] For this and several other cyber-related issues, the firm was censured and fined $275,000.[25] Likewise, in May 2015, FINRA fined a firm $225,000 for not encrypting its laptops until June 2014 (following the theft of a firm laptop), despite having recognized the need for encryption of laptops in 2009.[26] You re Gonna Need a Bigger Boat [27]: Next Steps Aguilar s primary recommendation for members of the securities industry was the prompt sharing of actionable information about threats and possible defenses. For example, Aguilar referenced organizations such as the Financial Services Information Sharing and Analysis Center (FS-ISAC),[28] which gathers and disseminates information about cyberthreats to industry members. FINRA s comprehensive Report on Cybersecurity Practices likewise noted that [f]irms should use cyber threat intelligence to improve their ability to identify, detect and respond to cybersecurity threats. [29] In addition to the FS- ISAC, FINRA found that many firms have establish[ed] an in-house group or department responsible for handling threat intelligence, employed a security services provider for threat intelligence, relied on vendors, or used a combination of these approaches.[30] Lastly, the assistant director of the Federal Bureau of Investigation s Cyber Division recently suggested that members of the securities industry sign up to receive PIN, FLASH, and JAB alerts from the FBI, each of which provides a different type of notification discussing cyberthreats identified by the bureau.[31] * * * Just as "Jaws" kept coming back to the boat at the most importune times, a cyberattack can hit when you least expect it. (And unlike Jaws, a cyberattack will not be accompanied by ominous music to warn you that it s coming.) Although Aguilar s speech did not dive too deeply into cybersecurity for securities firms, it did highlight that firms must continually monitor how they protect themselves and their customers. As Aguilar observed, [i]t s an old joke that only the paranoid survive. In the cybersecurity context, it might just be true. [32] By Brian Rubin and Charlie Kruly, Sutherland Asbill & Brennan LLP Brian Rubin is the partner in charge of litigation in Sutherland's Washington, D.C., office. He is a former deputy chief counsel of enforcement at the National Association Of Securities Dealers (now FINRA) and a former senior enforcement counsel at the SEC.
4 Charlie Kruly is an associate in the firm's Washington office. The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice. [1] See (video of the Jaws theme on a 10-hour loop). [2] SEC Commissioner Luis A. Aguilar, A Threefold Cord Working Together to Meet the Pervasive Challenge of Cyber-Crime, SINET Innovation Summit, New York, New York (June 25, 2015), [hereinafter, Aguilar, A Threefold Cord ] [3] Id. [4] Jaws (1975), [5] See National Exam Program Risk Alert: OCIE Cybersecurity Initiative, at 3 (Apr. 15, 2014) [hereinafter SEC Cybersecurity Sweep], [6] See National Exam Program Risk Alert: Cybersecurity Examination Sweep Summary (Feb. 3, 2015), [hereinafter SEC Sweep Results ]. [7] Id. at 2. [8] Aguilar, A Threefold Cord. [9] Id. [10] SEC Sweep Results at 2. [11] Aguilar, A Threefold Cord. [12] SEC Sweep Results at 2. [13] For example, 82 percent of BDs business continuity plans (BCPs) address cybersecurity, while only 51 percent of IAs BCPs do so. Similarly, 93 percent of BDs conduct cyberrisk assessments, but only 79 percent of IAs do the same. Id. [14] FINRA Letter of Acceptance, Waiver and Consent No at 4 (Feb. 10, 2010), [15] SEC Sweep Results at 2. [16] FINRA, Report on Cybersecurity Practices, at 37 (Feb. 2015),
5 df. [17] Id. [18] Jaws. [19] Aguilar, A Threefold Cord. [20] Id. [21] Id. [22] Release No (Apr. 7, 2011), [23] We re not making that up. See FINRA Letter of Acceptance, Waiver and Consent No , at3, 7 (Apr. 28, 2009), firm for, among other things, employ[ing] the username of Administrator and the password password on a fax server that had been used to host a phishing scam). [24] Release No , at 4-5 (Sept. 11, 2008), available at [25] Id. at 7. [26] FINRA Letter of Acceptance, Waiver and Consent No , at 2-3 (May 15, 2015), [27] Jaws. [28] See [29] FINRA, Report on Cybersecurity Practices at 34 [30] Id. [31] FBI Makes Broker-dealers an Offer They Can t Refuse: Talk to Us About Cybersecurity, Sutherland Cybersecurity and Privacy Insights (June 3, 2015), [32] Aguilar, A Threefold Cord. All Content , Portfolio Media, Inc.
The Problems With SEC s Cybersecurity Approach
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com The Problems With SEC s Cybersecurity Approach Law360,
More informationSEC Cybersecurity Findings May Establish De Facto Standard
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationHow To Protect Your Cybersecurity From Cyber Incidents
SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect
More informationCorporate Perspectives On Cybersecurity: A Survey Of Execs
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationCybersecurity and Insurance Companies
Cybersecurity and Insurance Companies ACLI Forum 500 CEO Leadership Retreat Timothy J. Nagle Vice President & Chief Privacy Counsel Prudential Financial 1 May 13, 2015 What is cybersecurity? Protecting
More informationCYBERSECURITY EXAMINATION SWEEP SUMMARY
This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More informationCurrent Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016
Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity
More informationSEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02
Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance
More informationCyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP
Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationClient Update SEC Releases Updated Cybersecurity Examination Guidelines
Client Update September 18, 2015 1 Client Update SEC Releases Updated Cybersecurity Examination Guidelines NEW YORK Jeremy Feigelson jfeigelson@debevoise.com Jim Pastore jjpastore@debevoise.com David Sarratt
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationCybersecurity Risks, Regulation, Remorse, and Ruin
Financial Planning Association of Michigan 2014 Fall Symposium Cybersecurity Risks, Regulation, Remorse, and Ruin Shane B. Hansen shansen@wnj.com (616) 752-2145 October 23, 2014 Copyright 2014 Warner Norcross
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationIdentity theft continues to make headlines as evidenced by the
Investment Advisers Must Ramp Up Identity Theft Prevention Efforts By Bibb L. Strench Bibb L. Strench is Counsel at Seward & Kissel s Washington, D.C. office. He provides advice to registered investment
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationData Privacy and Cybersecurity Task Force
Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationPROPOSED INTERPRETIVE NOTICE
August 28, 2015 Via Federal Express Mr. Christopher J. Kirkpatrick Secretary Office of the Secretariat Commodity Futures Trading Commission Three Lafayette Centre 1155 21st Street, N.W. Washington, DC
More informationCybersecurity and the Threat to Your Company
Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September
More informationDealer Member Cyber-security
Administrative Notice General Please distribute internally to: Legal and Compliance Senior Management Contact: Wendy Rudd Senior Vice President, Member Regulation and Strategic Initiatives 416 646-7216
More informationData Privacy And Cybersecurity For Investment Funds. Gregory J. Nowak Angelo A. Stio III October 28, 2014
Data Privacy And Cybersecurity For Investment Funds Gregory J. Nowak Angelo A. Stio III October 28, 2014 WHY IS DATA PRIVACY AND SECURITY IMPORTANT? 2 Why is it important to protect data? Data privacy
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationDelving Into FCC's 'Damn Important' Cybersecurity Report
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Delving Into FCC's 'Damn Important' Cybersecurity
More informationDOL Whistleblower Rule Will Have Far-Reaching Effects
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DOL Whistleblower Rule Will Have Far-Reaching Effects
More informationUNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION
UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION INVESTMENT ADVISERS ACT OF 1940 Release No. 4204 / September 22, 2015 ADMINISTRATIVE PROCEEDING File No. 3-16827 In the Matter of
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationHealthcare Information Security Today
Healthcare Information Security Today 2015 Survey Analysis: Evolving Threats and Health Info Security Efforts WHITE PAPER SURVEY BACKGROUND The Information Security Media Group conducts an annual Healthcare
More informationNew York State Department of Financial Services. Report on Cyber Security in the Insurance Sector
New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial
More informationConnecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm
Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationDATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE
DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next
More informationUNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION
UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION SECURITIES EXCHANGE ACT OF 1934 Release No. 60733 / September 29, 2009 INVESTMENT ADVISERS ACT OF 1940 Release No. 2929 / September
More informationAnthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members:
Andrew M. Cuomo Governor Anthony J. Albanese Acting Superintendent FROM: TO: Anthony J. Albanese, Acting Superintendent of Financial Services Financial and Banking Information Infrastructure Committee
More informationCYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
More informationTesting Your Cybersecurity Infrastructure and Enforcement Related Developments
Wednesday, April 29, 2015 Testing Your Cybersecurity Infrastructure and Enforcement Related Developments Mark C. Amorosi, Investment Management Partner, K&L Gates LLP Laura L. Grossman, Assistant General
More informationCompilation of Results of a Pilot Survey of Cybersecurity Practices of Small and Mid Sized Investment Adviser Firms
Compilation of Results of a Pilot Survey of Cybersecurity Practices of Small and Mid Sized Investment Adviser Firms September 2014 rth American Securities Administrators Association www.nasaa.org About
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationIT Security to Combat Today s Cyber Fraud
IT Security to Combat Today s Cyber Fraud Thomas J. DeMayo, CISSP, CIPP, CEH, CPT, MCSE Director, IT Audit and Consulting - O Connor Davies, LLP Timothy M. Simons, CPA, CFA, CIPM, CSCP, CFP Senior Managing
More informationDON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationWhat The OMB Cybersecurity Proposal Does And Doesn't Do
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com What The OMB Cybersecurity Proposal Does And Doesn't
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationCybersecurity..Is your PE Firm Ready? October 30, 2014
Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services
More informationZero Deficiencies: Closing the Gap
Zero Deficiencies: Closing the Gap By Francois Cooke July 2012 INTRODUCTION Broker-dealers face constant regulatory risks that continue to increase. These risks have short-term and long-term ramifications.
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationCybersecurity Developments and the Growing Role of Senior Executives and Directors
Cybersecurity Developments and the Growing Role of Senior Executives and Directors From the 2013 Target Corporation breach to this year s attacks on Primera Blue Cross and American Airlines Group Inc.,
More informationsecurities litigation & regulation
Westlaw Journal securities litigation & regulation Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 21, issue 3 / june 11, 2015 Expert Analysis SEC Cybersecurity Investigations:
More informationCybersecurity Assessment
Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today
More informationIdentity Theft - Problems and Prevention Steps
Identity Theft and the Tax Practice Edward K. Zollars, CPA www.cperesources.com www.currentfederaltaxdevelopments.com New Mexico Tax Conference Today s Session Identity Theft in General Size of the Problem
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationCybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
More informationHow GCs And Boards Can Brace For The Cybersecurity Storm - Law360
Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER December 9, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationSan Francisco, California WEDNESDAY, NOVEMBER 12, 2014 (All times Pacific Standard Time)
9:00 am 9:05 am Welcome and Introduction Presented by Mark D. Perlow and Richard M. Phillips Mr. Phillips concentrates his practice in securities regulation, particularly SEC enforcement, investment management
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationREDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE
CYBER RISKS SECURITY BREACH CHECKLIST REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE STEP 1 UNDERTAKE PRELIMINARY ASSESSMENT OF THE INCIDENT A serious data security breach is described
More informationBroker-Dealer Supervision of Variable Annuity Sales
Broker-Dealer Supervision of Variable Annuity Sales Clifford Kirsch Sutherland Asbill & Brennan LLP 1114 Avenue of Americas-40 th Floor New York, NY 10036 (212) 389-5052 clifford.kirsch@sablaw.com 1 Relevant
More information10 Important Aspects Of The CFTC Whistleblower Program
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com 10 Important Aspects Of The CFTC Whistleblower Program
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationDOD Takes Data-Centric Approach To Contractor Cybersecurity
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DOD Takes Data-Centric Approach To Contractor Cybersecurity
More informationP: 202.383.0124 E: brian.rubin@sutherland.com
ATTORNEY BIOGRAPHY Brian L. Rubin Partner Washington P: 202.383.0124 E: brian.rubin@sutherland.com Education J.D., Duke University School of Law, Vice Chair, Moot Court Board First Place Team, Craven Cup
More informationWhy is this National Cyber Security Month? Stephen G. Austin, CPA, MBA Swenson Advisors, LLP
Why is this National Cyber Security Month? Stephen G. Austin, CPA, MBA, LLP Created as a collaborative effort between government and industry to ensure every American has the resources they need to stay
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationFINANCIAL SERVICES Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks
FINANCIAL SERVICES Cybersecurity 2.0: The Role of Counsel in Addressing Destructive Cyberattacks By David Fagan and Ashden Fein Covington & Burling It is well understood that cyber threats evolve and,
More informationFrom Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense
1 of 5 11/17/2014 4:14 PM 800.268.2440 From Data Breaches and Information Hacks, to Unsecure Computing - Know Your Defense Share This Every other week it seems like there is another secure data breach
More informationOn July 18, 2006, the US Securities and Exchange Commission (SEC) issued
SEC Adopts New Soft Dollar Guidelines by Bibb L. Strench and Thomas E. Bisset Vol. 13 No. 9 September 2006 On July 18, 2006, the US Securities and Exchange Commission (SEC) issued new guidance (2006 Final
More informationNavigating the Advertising Rules Applying to Investment Adviser and Broker-Dealer Advertising
177 ALI-ABA Course of Study The Financial Services Regulatory Revolution: Navigating the New World of Broker-Dealer and Investment Adviser Regulation, Supervision, and Sales Practices October 21-22, 2010
More informationSOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationCYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts
CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What
More informationTakeaways From GE Capital's $225M Credit Card Settlement
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Takeaways From GE Capital's $225M Credit Card Settlement
More informationTuesday, June 04, 2013 -- 2013 NYS Cyber Security Conference
About Us Zogby Analytics conducts a wide variety of surveys internationally and nationally in industries, including banking, IT, medical devices, government agencies, colleges and universities, non-profits,
More informationRemarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago
More informationPerspectives on Cybersecurity and Its Legal Implications
Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of
More informationReport on Cybersecurity Practices
A REPORT FROM THE FINANCIAL INDUSTRY REGULATORY AUTHORITY Report on Cybersecurity Practices FEBRUARY 2015 Contents Executive Summary 1 Background 3 Governance and Risk Management for Cybersecurity 6 Cybersecurity
More informationPrepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015
Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015 CONTENTS: PROGRAM SCHEDULE... 11 FACULTY BIOS... 19 1. Big Picture Cyber: Threats, Vulnerabilities and
More informationFinancial Advisor Variable Annuity Sales Practices
Financial Advisor Variable Annuity Sales Practices Clifford Kirsch Sutherland Asbill & Brennan LLP 1114 Avenue of Americas-40 th Floor New York, NY 10036 (212) 389-5052 clifford.kirsch@sablaw.com 1 Relevant
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationPrivacy Policy & Identity Theft Prevention Program
Privacy Policy & Identity Theft Prevention Program Orcam Financial Group LLC PO Box 91098 4640 Cass St San Diego, CA 92109 (858) 220-5383 Orcam Financial Group LLC Privacy Policy February, 2014 Page 1
More informationWorking with the FBI
Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement
More informationData Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com
Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationRecent Trends In Pension Buyouts And Lump Sum Offers
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Recent Trends In Pension Buyouts And Lump Sum Offers
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More information