Cybersecurity Blog Part 2

Additional Detail on Cybersecurity Policy and Procedure Requirements


New Cybersecurity Risk Management Rules

As proposed, the new Cybersecurity Risk Management Rules (Rule 206(4)-9 under the Advisers Act and new Rule 38a-2 under the Investment Company Act) will require firms to adopt and implement a written cybersecurity risk management program that covers the following areas, while allowing for some degree of customization to each firm’s business:

  • Periodic Risk Assessment and Inventory
  • User Security and Access
  • Information Protection
  • Threat and Vulnerability Management, and
  • Incident Response and Recovery

