In January 2020, the SEC’s Office of Compliance Inspections and Examinations published a report of observations on cybersecurity and resiliency practices for financial institutions. From the SEC’s press release:
The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) today issued examination observations related to cybersecurity and operational resiliency practices taken by market participants.
The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. The observations highlight specific examples of cybersecurity and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.
The OCIE’s report includes both logical and actionable cybersecurity observations, all of which require a fundamental and comprehensive asset management practice. The following video highlights the suggestions for financial firms to improve cybersecurity and how asset management can help.
We’ve also produced an industry response paper that summarizes the OCIE’s report and explores the role cybersecurity asset management plays in each of its key observations.