Abstract
Purpose – To summarize and comment on FINRA’s report on cybersecurity practices, published on February 4, 2015, which arose from its 2014 targeted examination of firms’ cybersecurity preparedness. Design/methodology/approach – Explains the implications of the FINRA report and general guidance FINRA provides and expects all firms to consider in connection with developing their respective cybersecurity programs in eight areas: governance and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident response planning; vendor management; staff training; cyber intelligence and information sharing; and cyber insurance. Findings – There is no doubt that cybersecurity is a key risk facing the financial services industry now. Accordingly, FINRA expects that firms will review the report and assess how the principles and effective practices provided therein could help build or improve cybersecurity readiness. The report reflects FINRA’s risk-management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures. Originality/value – Expert guidance from experienced securities lawyers.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.