Data Breach Prevention and Response

According to the Investment Firm of the Future, a report published by CFA Institute earlier this year, 24% of the organization’s members rated cybersecurity as their firm’s top technology priority.

With the myriad challenges facing investment professionals in 2018, that’s a striking number.

What to do? E.J. Yerzak, Director of Cyber IT Services for Ascendant Compliance Management, a CSS Company, and Shield, a CSS solution, recently sat down with CFA Institute to discuss planning, protocols, prioritization and more.

A short excerpt:

“It’s one thing to have a documented plan on paper. Until you put it to the test with war games or tabletop exercises, you may not realize that there are some unforeseen situations that may arise.

War-gaming your incident response plan can do wonders for assessing how reasonable it is. Again, you can’t anticipate everything under the sun, but have you anticipated all likely scenarios?

When you start putting the incident response plan to the test . . . someone at the table may say, “Hey, what about this system over here? Our series of five steps here didn’t anticipate that we need to pull backups from system A, and that system A can’t talk to system B unless we’ve done steps one, two, and three over here.” Things like that are important to try to work through in advance.”

You can read the informative interview, “Cybersecurity: The Barbarians are at the Gate,” by clicking here.


For more information on CSS’ cybersecurity solution Shield, click here.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

Service Provider Due Diligence – Building Effective Partnerships

In 2009, the SEC stated at its CCOutreach Program that “when a service provider is utilized, the adviser still retains its fiduciary responsibilities for the delegated services.” This philosophy is as true today as it was 10-plus years ago. Therefore, the question becomes how do you establish a due diligence oversight program for your firm’s … Continued

SEC Adopts Changes to Reporting Forms

Regulation of Derivatives Use by RICs and BDCs Recognizing the proliferation of new derivate products in our markets, the SEC voted to adopt a new regulatory framework for the use of derivatives by mutual funds, ETFs, closed-end funds, and business development companies. The SEC’s press release stated that, “The new rule and rule amendments will … Continued

Time to Use the Bat Phone: Who to Call When a Compliance Officer Needs Help?

It seems that the burden of work continues to increase for compliance professionals in the investment management industry. While also ensuring that their compliance program is effective, compliance officers must also be aware of cybersecurity threats, business continuity plans, new regulations, changes in business strategy, and more – all while doing this under a work … Continued