Ahead of Round 2 of the SEC’s Cybersecurity Sweep Exam, we now have guidance regarding what they might be looking for when they come to visit.
They recommend the following:
- Conduct a periodic assessment to identify potential cybersecurity threats and vulnerabilities so as to better prioritize and mitigate risks.
- Create a strategy that is designed to prevent, detect and respond to cybersecurity threats.
- Implement the strategy through written policies and procedures and training that provide guidance to officers and employees.
The entire Guidance Update can be found at http://www.sec.gov/investment/im-guidance-2015-02.pdf