The US Securities and Exchange Commission Commission’s Office of Compliance Inspections and Examinations has issued a report providing observations related to cyber security and operational resiliency practices obtained from examinations taken by market participants.
The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They also highlight specific examples of cyber security and operational resiliency practices and controls that organisations have taken to potentially safeguard against threats and respond in the event of an incident.
The OCIE is encouraging market participants to review their practices, policies and procedures with respect to cybersecurity and operational resiliency in the light of the report.
Australian entities can benefit from the observations in the report by checking how they measure up against the listed controls. A copy of the report can be found at the SEC’s website.