MFDF - Mutual Fund Directors Forum - Finra Cybersecurity Report Offers Effective Practices on Oversight, Evaluation of Firms test

Finra Cybersecurity Report Offers Effective Practices on Oversight, Evaluation of Firms

A Finra report offers insights on effective practices firms use to address selected cybersecurity risks. The report, aimed at helping broker-dealer firms develop their cybersecurity programs, addresses direct cyberattacks, risk mitigation and oversight of third parties. The report noted, for instance, that the firms it observed “conducted thorough due diligence to select vendors with a sound knowledge of cyber risks, current attack techniques and appropriate tools to emulate the actions of an attacker.” The report added that some firms required vendors to provide an ethical hacking certification, such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or GIAC Penetration Tester (GPEN), prior to an engagement. Key topics covered in the report include:

  • how firms have strengthened their cybersecurity controls in branch offices, which is especially important for firms with decentralized business models;
  • limiting phishing attacks;
  • the importance of identifying and mitigating insider threats;
  • the elements of a strong penetration testing program; and
  • establishing and maintaining controls on mobile devices.