Security Magazine

Securities and Exchange Commission Releases Cyber Security Examination Blueprint

April 17, 2014

U.S. securities regulators unveiled a road map for ensuring that Wall Street firms are prepared to detect and prevent cyber security attacks.

The nine-page document, posted April 15, contains examples of the questions Securities and Exchange Commission examiners might ask brokerages and asset managers during inspections, said Fox Business.

The document puts firms on alert to be prepared, for instance, to provide a comprehensive list of when they detected malware, suffered a "denial of service" attack or discovered a network breach since January 2013. The SEC also plans examinations of more than 50 firms that will focus on cyber security-specific issues, said Fox Business.

In addition to asking questions about past attacks, the SEC document also indicates that examiners might gather information about how firms protect private customer information. This includes checking to see how customers are authenticated to access online accounts and what security measures are in place to protect PIN numbersm said Fox Business.

The full list of questions is here: http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf