 Cybersecurity ReferenceHub

 

Annual Cybersecurity Report - Cisco 2018

Adversaries and nation-state actors already have the expertise and tools necessary to take down critical infrastructure and systems and cripple entire regions...

Report

Cybersecurity in Europe 2017

Business has changed markedly over the last few years thanks to the rise and sophistication of digital technologies. As asset managers have evolved to become more automated and utilise a plethora of solutions to manage data, they have unavoidably become more vulnerable to serious cyber attacks...

Report

COBIT 2019: The New Framework for I&T Governance

COBIT 2019 builds on the solid foundation of COBIT 5 by adding the latest developments affecting enterprise information and technology. COBIT 2019 helps enterprises govern information and technology regardless of where it lives. Right-size your governance program and position your entire enterprise for future success.

Frameworks

CIS Controls™: Follow our Prioritized Set of Actions to Protect your Organization

The CIS Controls™ are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks. The CIS Controls are developed by a community of IT experts who apply their first-hand experience as cyber defenders to create these globally accepted security best practices.

Frameworks

ISO/IEC 27000 Family

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

Frameworks

Workforce Management Guidebook

The human is the greatest vulnerability in any organization. In this era of persistent cyber threats, an organization will be secure only with the active participation of everyone. Each member of the group, from the newest employee to the chief executive, holds the power to harm or to help, to weaken or strengthen, the organization’s security posture.

Report

Essential Eight Explained

The Strategies to Mitigate Cyber Security Incidents is a prioritised list of mitigation strategies to assist organisations in protecting their systems against a range of cyber threats. The mitigation strategies can be customised based on each organisation's risk profile and the cyber threats they are most concerned about.

Report

Examining Cybersecurity from a Risk-Management Viewpoint

In today’s interconnected world, cybersecurity has a lot of different meanings, depending on your understanding of cybersecurity and how it is used in a business environment. What is even more confusing is the number of definitions that define this term.

Articles

IT Due Diligence In Private Equity

Private equity (PE) firms are comprised of investors who wish to achieve a financial return from buying into companies, rather than by investing in stocks or bonds. In actual practice, the targeted companies are often struggling financially but still have a tremendous upside as identified by PE investors, and they simply need an infusion of cash with perhaps some added managerial expertise or restructuring to streamline operations.

Articles

Cybersecurity Workforce Development Toolkit

The Cybersecurity Workforce Development Toolkit helps organizations understand their organization’s cybersecurity workforce and staffing needs to protect their information, customers, and networks.

Report

Using Cyber War Games to Improve Incident Response

When the financial services industry undertook a cyber attack simulation called Quantum Dawn in 2013, the exercise shined a spotlight on the importance of cyber war games in helping organizations improve incident response.

Articles

NIST Releases Version 1.1 of its Popular Cybersecurity Framework

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework.

Frameworks

SEC Adopts Statement and Interpretive Guidance

The Securities and Exchange Commission voted unanimously to approve a statement and interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.

Regulatory

Taking Control of Vendor Risk: A 6-Step Approach

It may sound like a no-brainer, but you can’t understand the cybersecurity and technology risks posed by your company’s third-party vendors unless you are tracking those vendors and their risks.

Articles

Half of Asset Managers to Increase Cybersecurity Expenditure in 2018 Following Rise in Cyber Attacks

Two-thirds of asset managers believe cyber crime presents a greater threat to their business this year than it did in 2017, according to a survey conducted by Osney Media and BackBay Communications.

Articles

Objective A. Managing security risk

Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.

Articles

ECI - Six Myths about Hedge Fund Cybersecurity

Cyber-attacks such as those impacting LinkedIn, Talk-Talk, Yahoo and Sony have forced cybersecurity into the limelight via news making headlines, enough to fill any business with trepidation.

Articles

Hedgeweek Special Report - Cybersecurity

“Blind faith is put in third parties without having a clear and full picture of what exactly is being handed over and what level of access is being granted.”

Vladimir Rabotka, Castle Hall

Report

Bank Info Security - SEC Prepares for More Cybersecurity Oversight

This week, during a meeting of the Treasury Department's Financial and Banking Information Infrastructure Committee, leaders of the SEC and the Commodity Futures Trading Commission shared updates about their agencies' approaches to cybersecurity, as well as an overview of their examination processes, rules and other actions.

Articles

Hedge Fund Standards Board - Regulatory Expectations Memo

Overview of regulatory requirements, guidance and approaches to cyber security.

Regulatory

OCIE's 2015 Cybersecurity Examination Initiative

OCIE published a Risk Alert announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry.

Regulatory

SEC (OCIE): Cybersecurity Ransomware Alert

Starting on May 12, 2017, a widespread ransomware attack, known as WannaCry, WCry, or Wanna Decryptor, rapidly affected numerous organizations across over one hundred countries...

Articles

New York State Department of Financial Services – FAQs regarding the 23 NYCRR Part 500

The Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. The following provides answers to frequently asked questions concerning 23 NYCRR Part 500. Terms used below have the meanings assigned to them in 23 NYCRR 500.01...

Regulatory

SEC Risk Alert: Observations from Cybersecurity Examinations

In OCIE’s Cybersecurity 2 Initiative, National Examination Program staff examined 75 firms, including broker-dealers, investment advisers, and investment companies (“funds”) registered with the SEC to assess industry practices and legal and compliance issues associated with cybersecurity preparedness...

Regulatory