Category Archives: Risk Assessment Policy

Comply with new SEC Cybersecurity Risk Rules

In February 2022 the Securities and Exchange Commission (SEC) voted to enhance the cyber security requirements for registered investment advisers (including registered investment companies and investment funds). The proposed SEC cyber risk management rules would require advisers and funds to adopt and implement a program with written cybersecurity policies and procedures designed to address cybersecurity […]

A Security Policy Framework for IT Risk Assessments

The completion of an information security risk assessment is a key requirement in all information security frameworks, including ISO 27002, NIST 800:53, HIPAA and PCI-DSS.  A recent analysis of regulatory enforcement under HIPAA identifies risk assessment as a key area of weakness. While risk assessments are required, the specifics for how to perform a risk […]