FINRA publishes its 2015 “Report on Cybersecurity Practices”
Abstract
Purpose
To summarize and comment on FINRA’s report on cybersecurity practices, published on February 4, 2015, which arose from its 2014 targeted examination of firms’ cybersecurity preparedness.
Design/methodology/approach
Explains the implications of the FINRA report and general guidance FINRA provides and expects all firms to consider in connection with developing their respective cybersecurity programs in eight areas: governance and risk management for cybersecurity; cybersecurity risk assessment; technical controls; incident response planning; vendor management; staff training; cyber intelligence and information sharing; and cyber insurance.
Findings
There is no doubt that cybersecurity is a key risk facing the financial services industry now. Accordingly, FINRA expects that firms will review the report and assess how the principles and effective practices provided therein could help build or improve cybersecurity readiness. The report reflects FINRA’s risk-management-based approach to cybersecurity issues, identifying principles and “effective practices” for member firms to consider, as opposed to decreeing specific requirements, policies or procedures.
Originality/value
Expert guidance from experienced securities lawyers.
Keywords
Acknowledgements
© Bryan Cave LLP, All rights reserved.
Citation
Kuhlman, R. and Kempf, J. (2015), "FINRA publishes its 2015 “Report on Cybersecurity Practices”", Journal of Investment Compliance, Vol. 16 No. 2, pp. 47-51. https://doi.org/10.1108/JOIC-04-2015-0025
Publisher
:Emerald Group Publishing Limited
Copyright © 2015, Authors