The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) recently issued its examination observations related to market participants’ cyber-security and operational resiliency practices. The SEC guidance comes the same week the National Security Agency (NSA) released its own guidance on mitigating cloud vulnerabilities.
The OCIE’s examinations observations report, published Monday, highlights approaches taken by market participants in the following areas: governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. “We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cyber-security practices,” said OCIE Director Peter Driscoll.
