On September 15, 2015, the SEC issued another Risk Alert that addresses its cybersecurity examination initiative. The key takeaway is that OCIE staff will continue its focus on cybersecurity by conducting examinations of registered broker-dealers and investment advisers. In sharing the key focus areas for the Cybersecurity Examination Initiative, the SEC hopes to encourage registered broker-dealers and investment advisers to reflect upon their own practices, policies, and procedures with respect to cybersecurity.
Given the continued importance of cybersecurity and the positive response from broker-dealers and advisers on OCIE’s efforts, OCIE announced a focus on cybersecurity compliance and controls as part of its 2015 Examination Priorities. In order to promote better compliance practices and inform the Commission’s understanding of cybersecurity preparedness, exams will focus on the following areas:
- Governance and risk assessment
- Access rights and controls
- Data loss prevention
- Vendor management
- Security awareness training
- Incident response