Last month’s release of a comprehensive proposed rule change by the SEC was a welcome evolution of its approach to cybersecurity. Currently, there are “no Commission rules that specifically require firms to adopt and implement comprehensive cybersecurity programs”. Although the Commission has emphasized good cyber hygiene in its examinations, this proposal marks the beginning of a revolutionary approach to cybersecurity. The proposed comprehensive rule may solidify the expectations a firm must meet to achieve compliance with SEC cybersecurity requirements.
The rules will focus on 5 key areas:
- risk assessment, including assessment of risks associated with certain service providers, oversight of such providers, and appropriate written contracts with such providers;
- user security and access;
- information protection;
- cybersecurity threat and vulnerability management; and
- cybersecurity incident response and recovery.