Menu
Sign In
sign up
victor-lam-800507-unsplash.jpg

 

 Cybersecurity ReferenceHub

 

Pages from Security In Depth - 2019 State of Cybersecurity

State of Cyber Security

2019 Annual Report

Download
PROJECTIONS ON EMERGING BOARD MATTERS

Projections on Emerging Board Matters

The 2019 Governance Outlook: Projections on Emerging Board Matters is designed to give corporate directors and senior executives a comprehensive overview of major business and governance issues likely to demand board focus over the coming year. The report begins with an introduction from NACD, highlighting survey findings...

Download
Report
Future Cyber Threats

Future Cyber Threats - Extreme but Plausible Threat Scenarios in Financial Services

While financial services organizations have always been a target for sophisticated criminals, cyber adversaries’ capabilities are breaking new ground as they advance rapidly. Accenture cyber threat intelligence research points to several key threats that...

 Download

Report
FBI - IC3

FBI’s Internet Crime Complaint Center (IC3) Report

The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists, and the FBI’s IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet-facilitated criminal activity...

Download
Report
Screen Shot 2018-12-14 at 11.28.31 AM

500 Million Marriott Customers Affected in Massive Data Breach

Marriott International Inc. said it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests...

Download
Articles
CISCO 2018

Annual Cybersecurity Report - Cisco 2018

Adversaries and nation-state actors already have the expertise and tools necessary to take down critical infrastructure and systems and cripple entire regions...

Download
Report
Cybersecurity in Europe 2017

Cybersecurity in Europe 2017

Business has changed markedly over the last few years thanks to the rise and sophistication of digital technologies. As asset managers have evolved to become more automated and utilise a plethora of solutions to manage data, they have unavoidably become more vulnerable to serious cyber attacks...

Download

Report
COBIT 2019

COBIT 2019: The New Framework for I&T Governance

COBIT 5, building on its solid foundation by adding the latest developments affecting enterprise information and technology. COBIT 2019 helps enterprises govern information and technology regardless of where it lives. Right-size your governance program and position your entire enterprise for future success.

Read More

Frameworks
Follow our Prioritized Set of Actions to Protect your Organization

CIS Controls™: Follow our Prioritized Set of Actions to Protect your Organization

The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts who apply their first-hand experience as cyber defenders to create these globally accepted security best practices.

Download

Frameworks
ISO/IEC 27000 family

ISO/IEC 27000 Family

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

Read More

Frameworks
Workforce Management Guidebook

Workforce Management Guidebook

The human is the greatest vulnerability in any organization. In this era of persistent cyber threats, an organization will be secure only with the active participation of everyone. Each member of the group, from the newest employee to the chief executive, holds the power to harm or to help, to weaken or strengthen, the organization’s security posture.

Download

Report
Essential Eight Explained

Essential Eight Explained

The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of cyber threats. The mitigation strategies can be customised based on each organisation's risk profile and the cyber threats they are most concerned about.

Download

Report
Cybersecurity from a Risk-Management

Examining Cybersecurity from a Risk-Management Viewpoint

In today’s interconnected world, cybersecurity has a lot of different meanings, depending on your understanding of cybersecurity and how it is used in a business environment. What is even more confusing is the number of definitions that define this term.

Read More

Articles
IT Due Diligence In Private Equity

IT Due Diligence In Private Equity

Private equity (PE) firms are comprised of investors who wish to achieve a financial return from buying into companies, rather than by investing in stocks or bonds. In actual practice, the targeted companies are often struggling financially but still have a tremendous upside as identified by PE investors, and they simply need an infusion of cash with perhaps some added managerial expertise or restructuring to streamline operations.

Read More

Articles
Cybersecurity Workforce Development Toolkit

Cybersecurity Workforce Development Toolkit

The Cybersecurity Workforce Development Toolkit helps organizations understand their organization’s cybersecurity workforce and staffing needs to protect their information, customers, and networks.

Download

Report
Screen Shot 2018-10-12 at 2.58.25 PM

Using Cyber War Games to Improve Incident Response

When the financial services industry undertook a cyber attack simulation called Quantum Dawn in 2013, the exercise shined a spotlight on the importance of cyber war games in helping organizations improve incident response.

Read More

Articles
NIST Version 1.1 Cybersecurity Framework

NIST Releases Version 1.1 of its Popular Cybersecurity Framework

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.

Read More

Frameworks
SEC Adopts Statement

SEC Adopts Statement and Interpretive Guidance

The Securities and Exchange Commission voted unanimously to approve a statement and interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Read More

Regulatory
Taking Control of Vendor Risk: A 6-Step Approach

Taking Control of Vendor Risk: A 6-Step Approach

It may sound like a no-brainer, but you can’t understand the cybersecurity and technology risks posed by your company’s third-party vendors unless you are tracking those vendors and their risks.

Read More

Articles
Increase Cybersecurity Expenditure in 2018

Half of Asset Managers to Increase Cybersecurity Expenditure in 2018 Following Rise in Cyber Attacks

Two-thirds of asset managers believe cyber crime presents a greater threat to their business this year than it did in 2017, according to a survey conducted by Osney Media and BackBay Communications.

Read More

Articles
Objective A. Managing security risk

Objective A. Managing security risk

Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.

Read More

Articles
Six Myths about Hedge Fund Cybersecurity

ECI - Six Myths about Hedge Fund Cybersecurity

Cyber-attacks such as those impacting LinkedIn, Talk-Talk, Yahoo and Sony have forced cybersecurity into the limelight via news making headlines, enough to fill any business with trepidation.

Read More

Articles
Hedgeweek Special Report - Cybersecurity

Hedgeweek Special Report - Cybersecurity

Blind faith is put in third parties without having a clear and full picture of what exactly is being handed over and what level of access is being granted.”

Vladimir Rabotka, Castle Hall

Download

Report
Bank Info Security - SEC Prepares for More Cybersecurity Oversight

Bank Info Security - SEC Prepares for More Cybersecurity Oversight

This week, during a meeting of the Treasury Department's Financial and Banking Information Infrastructure Committee, leaders of the SEC and the Commodity Futures Trading Commission shared updates about their agencies' approaches to cybersecurity, as well as an overview of their examination processes, rules and other actions.

Read More

Articles
Hedge Fund Standards Board - Regulatory Expectations Memo

Hedge Fund Standards Board - Regulatory Expectations Memo

Overview of regulatory requirements, guidance and approaches to cyber security.

Download

Regulatory
Cybersecurity Examination Initiative

OCIE's 2015 Cybersecurity Examination Initiative

OCIE published a Risk Alert announcing a series of examinations to identify cybersecurity risks3 and assess cybersecurity preparedness in the securities industry.

Read More

Regulatory
Cybersecurity Ransomware

SEC (OCIE): Cybersecurity Ransomware Alert

Starting on May 12, 2017, a widespread ransomware attack, known as WannaCry, WCry, or Wanna Decryptor, rapidly affected numerous organizations across over one hundred countries...

Read More

Articles
Screen Shot 2018-10-12 at 11.24.25 AM

New York State Department of Financial Services – FAQs regarding the 23 NYCRR Part 500

The Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. The following provides answers to frequently asked questions concerning 23 NYCRR Part 500. Terms used below have the meanings assigned to them in 23 NYCRR 500.01...

Read More

Regulatory
Observations from Cybersecurity Examinations

SEC Risk Alert: Observations from Cybersecurity Examinations

In OCIE’s Cybersecurity 2 Initiative, National Examination Program staff examined 75 firms, including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC to assess industry practices and legal and compliance issues associated with cybersecurity preparedness...

Read More

Regulatory
New York State Department of Financial

New York State Department of Financial Services – FAQs regarding the 23 NYCRR Part 500

The Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. The following provides answers to frequently asked questions concerning 23 NYCRR Part 500. Terms used below have the meanings assigned to them in 23 NYCRR 500.01...

Read More

Regulatory