SEC Issues Cybersecurity Guidance
The SEC's Division of Investment Management recently issued cybersecurity guidance for registered investment advisers. The guidance included a three-step approach for registered investment advisers to consider: assess threats, design a strategy and implement that strategy. There are a number of measures that registered investment advisers may wish to consider in addressing cybersecurity risk:
1. Conduct a periodic assessment of the nature, sensitivity and location of information that the firm collects, processes and/or stores, and the technology system it uses. 2. Create a strategy that is designed to prevent, detect and respond to cybersecurity threats. 3. Implement the strategy through written policies and procedures and training that provide guidance to officers and employees concerning applicable threats and measures to prevent, detect and respond to such threats, and that monitor compliance with cybersecurity policies and procedures.
It is noted that many registered investment advisers will not be able to handle the area of cybersecurity internally and will need the help of security, cybersecurity, compliance and legal experts.
To read the full update, please click on the link below: http://www.sec.gov/investment/im-guidance-2015-02.pdf
If you have additional questions, please reach out to your Sadis & Goldberg contact for further clarification.