OCIE issued a Risk Alert providing additional information concerning its initiative to assess cybersecurity preparedness in the securities industry. The Risk Alert provides a sample list of requests for information that OCIE may use in conducting examinations of registered entities regarding cybersecurity matters. Some of the questions track information outlined in the “Framework for Improving Critical Infrastructure Cybersecurity,” released on February 12, 2014 by the National Institute of Standards and Technology.
The list of requests is divided in the following sections:
* Identification or Risks of Cybersecurity Governance
* Protection of Firm Networks and Information
* Risks Associated with Remote Customer Access and Fund Transfer Requests
* Risks Associated with Vendors and Other Third Parties
* Detection of Unauthorized Activity
Click here to access the alert.