All Regulation SP articles

  • Article

    The Key Cyber-Security Question: What Is ‘Reasonable’?


    Regulators often say they want “reasonable” precautions when spelling out expectations on cyber-security. But with a plethora of guidance and frameworks to consider, what does that mean—and does “reasonable” depend on industry and company size? A small summit meeting of cyber-security voices debated that question in Boston recently; we have ...

  • Article

    Enforcement Action May Be Omen of SEC’s Cyber-Security Plans


    An investment adviser firm in St. Louis has become the (painful) test subject for the SEC’s attitude on cyber-security matters. The case, observers say, is a warning that the agency is moving away from guidance and toward enforcement. So what will the SEC consider to be “reasonable” security efforts? Will ...