• Home
  • About
  • Practice Areas
    • Business
    • Energy
    • Estate Planning
  • Testimonials
  • Simple Wills
  • Contact
  • Blog

Pippenger Hedberg Law

  • Home
  • About
  • Practice Areas
    • Business
    • Energy
    • Estate Planning
  • Testimonials
  • Simple Wills
  • Contact
  • Blog
  • Menu
Cybersecurity
Cybersecurity

Cybersecurity in the Private Sector: The SEC Holds a Roundtable and Issues a Risk Alert

April 23, 2014

A look at the SEC’s 2014 Cybersecurity Initiative, including a recent roundtable discussion and release of its National Exam Program Risk Alert.

On March 26th, 2014 the U.S. Securities and Exchange Commission hosted a cybersecurity roundtable designed to highlight the importance of Internet and data security for Wall Street firms.

The SEC press release announced a series of four panel discussions. Panel 1, on the ‘Cybersecurity Landscape,’ included representatives from the U.S. Department of the Treasury, the National Security Council, and the Department of Homeland Security, as well as several private-sector cybersecurity experts. Panel 2, on ‘Public Company Disclosure,’ featured speakers from a number of leading private firms as well as an advocate from the Brooklyn Law School. Panel 3, on ‘Market Systems,’ welcomed expert speakers on information security from the NASDAQ OMX, the Chicago Board Options Exchange, and the U.S. Treasury’s Office of Financial Institutions Policy. Panel 4 on ‘Broker-Dealers, Investment Advisers, and Transfer Agents,’ featured a collection of notable corporate investment managers and financial policy makers.

In her opening statement to the roundtable, chair Mary Jo White emphasized the crucial importance of maintaining the stability of our market system by protecting the integrity of client and customer data from external threats. White also recognized a “compelling need for stronger partnerships between the government and private sector” in order to achieve this goal.

The SEC followed the roundtable with the release of a nine-page National Exam Program Risk Alert as part of this ongoing initiative. The document was published by the SEC Office of Compliance Inspections and Examinations (OCIE) on April 15th, and has been regarded in the press as an “examination blueprint” on cybersecurity for Wall Street firms. The publication outlines what Fox Business News has dubbed a “road map” for the financial sector designed to assist in identifying and preventing future cybersecurity attacks. The Fox Business article also reports that the SEC plans on examining more than 50 companies in order to assess the state of their cybersecurity preparedness. Among its numerous recommendations, the Risk Alert asks companies to provide lists of any malware detected in their computer systems and to examine internal policies for handling ‘denial of service’ attacks and similar security breaches.

The Risk Alert document also features detailed sample questions and topics of concern that SEC investigators are likely to address when interviewing cybersecurity officers at the 50 plus firms it has chosen to examine. Areas of interest include policies for protecting customer information, the risks presented by remote customer access and fund transfers, company policies toward information passed on to third-party vendors, and mechanisms for monitoring and detecting unauthorized activity on a company’s servers.

This invigorated government response toward cybersecurity comes in the wake of several high-profile Internet security breaches suffered by national retailers, including Target Corporation and the Neiman Marcus Group, both of which reported cyber-attacks in the latter part of 2013.

Overall, this new push by the SEC indicates a vigorous effort by the governing body to determine the state of cybersecurity preparedness across the nation’s brokerages, asset-management firms, and other private financial institutions. With the roundtable and subsequent Risk Alert, the Commission looks to be encouraging continued education and increased cooperation between government and the private sector on this pressing subject. Additionally, the initiative points toward the SEC’s efforts to more clearly define the extent to which the U.S. government should play a future role in examining and disclosing the severity of private sector cybersecurity attacks.

For those wishing to examine in greater detail the OCIE’s National Exam Program Risk Alert, the full text is available here.

In Legal News Tags SEC cybersecurity initiative, Wall Street cybersecurity
← New FCC Rules Would Rethink Net Neutrality and the Open InternetColorado Lawyers May Legally Advise Marijuana Business →

Recent Articles

Featured
Sep 24, 2015
What Do I Need to Know to Know my Estate Plan is Complete ?
Sep 24, 2015
Sep 24, 2015
Sep 15, 2015
Estate Plan FAQs
Sep 15, 2015
Sep 15, 2015

Categories

  • Energy (2)
  • IT (3)
  • Business (7)
  • Legal Assistance (10)
  • Estate Planning (13)
  • Recent Court Decisions (15)
  • Legal News (55)

Archive by Month

  • September 2015 (4)
  • August 2015 (3)
  • July 2015 (1)
  • June 2015 (4)
  • May 2015 (4)
  • April 2015 (2)
  • March 2015 (1)
  • August 2014 (3)
  • July 2014 (4)
  • June 2014 (5)
  • May 2014 (2)
  • April 2014 (3)
  • March 2014 (4)
  • February 2014 (6)
  • January 2014 (6)
  • December 2013 (4)
  • November 2013 (1)
  • October 2013 (3)
  • September 2013 (5)
  • August 2013 (1)
  • July 2013 (2)
  • June 2013 (5)
  • May 2013 (5)
  • February 2013 (1)
  • January 2013 (2)
  • September 2012 (1)