Monday, May 23, 2016

FINRA and Cyber Security: Starting from Scratch




A Changed Regulatory Environment


Regulatory authorities in the financial sector are accelerating their efforts to bring rigor to the reduction of cyber security risk. In particular, you have no doubt seen a lot of activity around recently issued cyber security guidance from the SEC (Securities and Exchange Commission) and FINRA (Financial Industry Regulatory Authority).

According to FINRA's 2016 Regulatory and Examination Priorities Letter, examiners will review firms' approaches to cyber security in the following areas:
  • Cyber security governance and risk management
  • Cyber security risk assessment
  • Technical controls
  • Incident response
  • Vendor management
  • Data loss prevention
  • Staff training
In other words, your regulator will shortly be looking at EVERYTHING you do from a cyber security standpoint.

If your firm currently has no cyber security strategy in place, this certainly looks overwhelming. At Immunity we work with organizations at every stage of their security strategy, from companies with decades of mature information security expertise to companies with no in-house security experience or approach that have traditionally outsourced IT entirely.

The first step for a firm that must now comply with the new cyber security regulations is to understand where it currently stands. We can help you do that through penetration testing, vulnerability assessments and strategic advice. Not every new-fangled security appliance is right for your program; we can save you money by running real-world tests against the products you are thinking of acquiring before you buy them.

Strategic Situational Awareness


A penetration test is not a complete risk assessment, but it is a point-in-time exercise that will let your firm identify some of its high-risk vulnerabilities and assess the impact of a realistic attack. It also gives management and the board of directors an immediate wake-up call about the consequences of leaving the cyber security problem unaddressed and operating without a security strategy.

With the results of that assessment in hand, you will have a first overview of your security posture. From there we can start, slowly but firmly, to address each of the areas listed in FINRA's priorities letter; we will discuss them in the next blog post.

Of course, if you have any questions about how FINRA's focus on information security affects you, we can be reached 9am-5pm EST at +1-786-220-0600.