All Cyber-Security articles – Page 8
-
Blog
OCIE Provides Key Observations from 2014 Cybersecurity Examination Initiative
On April 15, 2014, the SEC's Office of Compliance Inspections and Examinations announced that it would be conducting examinations of more than 50 registered broker-dealers and registered investment advisers focused on cybersecurity governance and risk. Until yesterday, there has been little or no information from the SEC concerning the results ...
-
Blog
SEC Exams Reveal Mixed Bag of Financial Firms' Cyber-Security Efforts
Last year, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations examined 106 broker-dealers and investment advisers in an effort to better understand how they address the legal, regulatory, and compliance issues associated with cyber-security. An OCIE risk alert released this week breaks down the findings of the ...
-
Article
SEC, FINRA Dropping Hints on Risk
Compliance officers looking to read some tea leaves about what worries the Securities and Exchange Commission these days might want to skim the 2015 exam priorities that the SEC and FINRA have posted. That guidance applies foremost to financial firms, but “it’s only a matter of time before they require ...
-
Blog
Audit Committees, Operational Risk, and Unease
News flash: Audit committees are still overworked and unsure how to handle new risks confronting Corporate America. So says the 2015 edition of the KPMG Audit Committee Survey, which tells some good news on financial reporting risks, amid a more troubling morass of operational and cyber-security risks nobody seems ...
-
Article
Smarter Assessments of Cyber-Risk
Every compliance and audit executive wants to manage cyber-security risks. That assumes, however, that the whole organization agrees on what a cyber-security risk is. Taxonomies do exist to build a more disciplined approach to cyber-security. Try to take all steps to manage all such risks, and “it’s going to ...
-
Article
COSO Tacks Toward Cyber-Security
As cyber-security works its way onto the corporate board agenda, COSO is suggesting ways that its frameworks for internal control and risk management can be a starting point for companies to anticipate fast-emerging risks. “Just as the board is responsible for enterprise risk management, this is very similar,” says Mike ...
-
Article
Assessing Your Digital Marketing Risk
Internal auditors with not enough to do, cheer up: Digital marketing risk is emerging as a new headache to keep you busy. Data theft and fraud are rampant, and ways to find and seal up those weaknesses aren’t entirely clear. “It’s a newer area,” says Bill Michalisin of the Institute ...
-
Blog
COSO Relates Frameworks to Cyber Risks
COSO is urging companies to look at its framework with not just financial controls in mind, but cyber-security as well. A paper from the Committee details how the five components of internal control apply to the assessment of cyber-risks, with discussion on how the principles underlying the risk assessment, control ...
-
Blog
SEC Announces 2015 Examination Priorities
The SEC has released its examination priorities for 2015. The list includes cyber-security controls and assessing anti-money laundering efforts, with a focus on firms that have not filed suspicious activity reports or have incomplete or late filings. SEC staff will also examine proxy advisory service firms, assessing how they make ...
-
Blog
Six Compliance Events to Watch in 2015
Welcome back! Before everyone returns to the raw thrill of audit committee meetings, internal control testing, e-discovery requests, and vendor proposals for GRC software upgrades, let’s take a moment to contemplate what lies ahead for compliance, risk, and audit executives in 2015. Editor Matt Kelly has his top picks ...
-
Blog
Another Step Forward in Tackling Cyber-Security Risk
Dec. 31—COSO’s Internal Control — Integrated Framework talks a good game about being useful beyond financial reporting risks, but Compliance Week Editor Matt Kelly has always wondered how that works in practice. Then came a nifty piece of guidance: a taxonomy of operational risks in cyber-security, published by the ...
-
Blog
Bank CEOs, Boards Get Another Batch of Cyber-Security Help
Bank CEOs and boards have a fresh batch of cyber-security guidance to evaluate. On Wednesday, The Conference of State Bank Supervisors released “Cybersecurity 101: A Resource Guide for Bank Executives,” a document that collects industry-recognized standards and best practices that are currently used within the financial services industry.
-
Article
It May Be Voluntary, but NIST Framework Is a Crucial Cyber-Security Tool
Each day, it seems another big-name company falls victim to a cyber-attack. The new framework for assessing the security flaws, developed by the National Institute of Standards and Technology, may be intended for critical-infrastructure companies, but other businesses may find that its guidance offers more help than the mélange of ...
-
Blog
Report: Companies Struggle to Secure Sensitive Data
Many companies still struggle with how to secure their most sensitive data, elevating the risk of a data breach, according to a new cyber-security report of nearly 500 IT and security professionals conducted by information-security firm Trustwave. The report reveals significant security deficiencies and common security weaknesses still remain in ...
-
Blog
New York Becomes First State to Launch Cyber-Security Exams for Banks
Add the New York Department of Financial Services to the growing list of regulators (such as the SEC and FINRA) who will be scrutinizing the cybersecurity practices of Wall Street banks and financial institutions. On Wednesday, Benjamin Lawsky, New York's Superintendent of Financial Services, stated in a letter to ...
-
Article
Frameworks and Leadership on Cyber-Risks
As cyber-security attacks become everyday news, companies are racing to identify and mitigate their risks. Some of that is “pure” IT security; much of it is about applying a control framework smartly to new technologies—and empowering the right person to oversee these risks. “Companies ... for the most part are ...
-
Blog
DoJ Creating Dedicated Cybersecurity Unit Within Criminal Division
Assistant Attorney General Leslie Caldwell has announced that the Justice Department is creating a cyber-security unit within the Criminal Division. Prosecutors will serve as a “central hub for expert advice and legal guidance regarding the criminal electronic surveillance statutes for both U.S. and international law enforcement conducting complex cyber-investigations,” ...
-
Blog
SEC Approves Rule Requiring Technology Safeguards
Nov. 19—Despite concerns that it may be too limited in its current form, the SEC unanimously approved Regulation SCI, new rules intended to strengthen the technology infrastructure of securities markets, improve their resilience, and enhance the Commission’s ability to oversee them. The rule includes attestation requirements for chief executive ...
-
Article
The Real Data Breach Risks Are Right Under Your Nose
While companies fret about shadowy hackers based in Russia and China hell bent on stealing customer information, employees—not cyber-criminals—pose the biggest threat to create data breaches and data loss, according to a recent study. Ungoverned and negligent file-sharing by employees is hitting epidemic proportions: More than half of respondents to ...
-
Blog
Bank Executives, Boards Urged to Share Cyber-Risk Data
Bank executives and directors are getting another new guidance from the multi-agency Federal Financial Institutions Examination Council. The guidance encourages management and boards to ask questions about how accountability is determined for managing cyber-risks; the process for ensuring employee awareness; what is reported to the board on cyber-security events; the ...