Cyberattacks are becoming increasingly prevalent, making cybersecurity measures imperative for every firm, large and small, to protect sensitive client, employee, and firm information, and to avoid regulatory, litigation and reputational risk. If your firm has not developed formal cybersecurity measures, Finseg can help you create a cybersecurity program that is “right-sized” for your business operations. Or, if your firm has developed cybersecurity measures, Finseg can assist in evaluating whether those measures are sufficiently robust and reasonably designed based upon the firm’s cybersecurity risk.
Finseg has developed risk-based testing modules for cybersecurity. Specifically, Finseg’s risk-based testing assesses the existence and implementation of reasonably designed policies, procedures and controls associated with a cybersecurity risk management program premised upon a firm’s cybersecurity risk assessment and reflective of the five National Institute of Standards and Technology (“NIST”) Cybersecurity Framework principles: Identify, Protect, Detect, Respond, and Recover. Finseg’s testing modules address, for example, governance, access rights, training, and incident preparedness and response protocols developed from cybersecurity regulatory guidance sourced from the SEC, FINRA, NASAA/States, NIST, the Federal Financial Institutions Examination Council (“FFIEC”), and the Federal Communications Commission (“FCC”), among other resources. Of course, integral to this testing is an assessment of the protection of the confidentiality, integrity and availability of sensitive customer/employee/firm information that is required by Regulation S-P, Regulation S-ID, and Rule 17a-4(f) of the Securities Exchange Act of 1934.
Finseg will provide assistance tailored to the needs of your firm, which may include a one-time assessment of your firm’s cybersecurity program with recommendations for possible enhancements or more concentrated reviews based on specific cybersecurity modules designed to accommodate budgetary constraints or planning processes.