Finra Releases Cybersecurity Practices Report
Eight sections with suggested practices broker-dealers should adopt
The 46-page report is based on a targeted examination, also known as a sweep, of an assortment of firms. The sweep looked into the types of threats firms face, the parts of firms' systems that might be susceptible to an attack, and how firms are handling cybersecurity threats.
The results from the sweep mirrored those of a 2011 Finra survey, in which firms considered their top three cybersecurity threats to be hackers, insiders compromising data and operational risks (power failures, earthquakes, etc.).
The report is broken down into eight sections, each of which includes a "Principles and Effective Practices" portion that summarizes what firms should implement to best protect themselves against cybersecurity threats. The sections are:
· Governance and risk management for cybersecurity
· Cybersecurity risk assessment
· Technical controls
· Incident response planning
· Vendor management
· Staff training
· Cyber intelligence and information sharing
· Cyber insurance
The report falls in line with Finra's 2015 Regulatory and Examinations Priority letter released earlier this year. The letter identified cybersecurity as one of five key areas of focus for the coming year.
"Broker-dealers face a variety of rapidly evolving cybersecurity threats, which require a well-designed and adaptable cybersecurity program," said Susan Axelrod, executive vice president for regulatory operations at Finra. "Finra is keenly focused on cybersecurity, and firms must make responding to these threats a high priority. This report builds on the insights from our recent cybersecurity sweep and highlights a series of principles and effective practices that firms can adapt to their particular circumstances."
Copyright Infopro Digital Limited. All rights reserved.