Tag: cybersecurity

Categories
Coffee and Regs

What’s Next for Cybersecurity in 2022?

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Daily Compliance News

November 22, 2021 the Why Corruption edition


In today’s edition of Daily Compliance News:

  • Will Activism CEO resign?(WSJ)
  • Office reopening gets trickier. (WSJ)
  • Banks must promptly report cyber breaches. (Reuters)
  • Why do some become corrupt? (Foreign Policy)
Categories
Compliance Into the Weeds

Retreat on DoD Cybersecurity for Contractors

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Today, Matt and Tom take a look at the Department of Defense retreat on its cybersecurity initiative for contractors, CMMC to the new standard of CMMC 2.0.

Some of the issues we consider are:

·      What is CMMC and what morphed into CMMC 2.0?
·      Who led the charge to make these changes?
·      Do these changes help or hurt federal government overall cybersecurity?
·      Will self-assessments work?
·      New FCA claims coming?
·      What about compliance?
Resources
Matt in Radical Compliance, Pentagon Sounds Retreat on CMMC Compliance

Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.
 
Categories
Coffee and Regs

Digital Assets: Trading & Compliance for Cryptocurrency

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

About Our Guest Speakers:


Allison Fraser provides compliance consulting services to investment advisers, registered investment companies and private investment funds, including conducting annual compliance program reviews and testing, developing risk assessments and preparing for SEC examinations. She also assists clients with drafting policies and procedures and preparing regulatory filings. On behalf of, the Compliance Services division of CSS, Allison served as the Chief Compliance Officer for a family of alternative funds registered under the Investment Company Act of 1940. Prior to joining CSS, Allison served as a Senior Vice President of Compliance at Northern Trust Investments, Inc. (“NTI”), the asset management subsidiary of The Northern Trust Company. In this capacity, she managed and administered the compliance due diligence program for NTI’s Multi-Manager Solutions and Outsourced Chief Investment Officer businesses. Allison also was the Chief Compliance Officer of two registered funds of hedge funds advised by NTI as well as a member of the funds’ Pricing and Disclosure Committees. Before joining NTI, Allison served as the Compliance Director for General Motors Asset Management, where she assisted with the administration of the compliance program for this registered investment adviser.
 

John Gentile is responsible for overseeing various types of broker-dealer and investment adviser consulting engagements, including conducting SEC/FINRA internal control reviews, anti-money laundering testing, written supervisory policy and procedures testing, and other consultation services. John is a frequent speaker at industry conferences on various compliance topics, including “Effective Supervision,” “Large Firm Testing,” FINRA Supervisory Control Rules” and “Anti Money Laundering Requirements for Broker Dealers under the PATRIOT Act.” In 1987 John joined the SEC as a Securities Compliance Examiner, becoming a Branch Chief in 1991. He became Assistant Regional Director in 1993, supervising a team of 20 broker-dealer managers and examiners. He also planned and conducted financial, operational, and sales practice examinations of the largest broker dealers and was among those responsible for a review of hedge funds’ impact on broker dealer internal controls. Before joining the SEC, John was a Financial Damage Analyst with PaineWebber Inc. Most recently from 2000-2007 John was an Executive Consultant, Broker-Dealer Services, at National Regulatory Services. John has an MBA from Fordham University and a BS in Finance from Central Connecticut State University. From 1995 to 2002, John was also a member of the Securities Industry Continuing Education East Coast Content Committee.
Categories
Coffee and Regs

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

Cybersecurity Awareness Month – Reducing Cyber Incidents Through Vendor Due Diligence

 
In this episode, CSS’s team of cybersecurity experts E.J. Yerzak and Mike Farrell kick off Cybersecurity Awareness Month discussing the importance of vendor due diligence and the role that service providers can play in cyber incidents.
 

About Our Guest Speakers:


E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 

 

 

 
Mike Farrell is a Certified Information Systems Auditor (CISA®) and Certified Information Security Manager (CISM®), and Cybersecurity Consultant at CSS. He analyzes data and conducts cybersecurity risk assessments, policy gap analyses, vulnerability scanning and social engineering testing. His Information technology experience includes network installations and management, hardware and software configuration, and troubleshooting.
Categories
Coffee and Regs

The Mood of Compliance

The Mood of Compliance

 

In this episode, CSS’s Executive Director, Jackie Hallihan and Senior Consultant, Adam DiPaolo discuss observations on the mood of compliance, with predictions of heavy regulatory activity, and key areas of focus including enforcement, ESG, cryptocurrency, whistleblowers and cybersecurity.

 

About Our Guest Speakers:

Jackie Hallihan is the Co-Executive Director of CSS’s Compliance Services team and has over 25 years’ regulatory and risk management experience. She was the founder of National Regulatory Services (NRS) which started the compliance resource business and served as its President for over 20 years. She also founded the National Society of Compliance Professionals (NSCP), a non-profit organization for compliance officers, staff and lawyers serving the compliance industry. It now boasts over 2000 memberships. Jackie has been a leading speaker to compliance professionals, including in-house training programs and various other industry association conferences, and has received numerous industry awards. Jackie also serves as Director, Clerk of the New England Broker Dealer Investment Adviser Association (NEBDIAA), a non-profit organization, incorporated in 1997. The purpose of NEBDIAA is to provide a forum for the professional exchange of information among investment advisers, broker dealers, and persons who provide services to investment advisers and broker dealers, and to direct communication among its members which will improve their ability to serve the needs of their respective clients. The forum will help NEBDIAA’s members meet the increased regulatory demands placed on investment advisers, broker dealers, and persons who provide services to investment advisers and broker-dealers.

 

Adam DiPaolo CISA, CRISC is a Section 13 Reporting Manager, Senior Consultant and Associate General Counsel at CSS. Adam designs practical solutions to manage regulatory challenges faced by hedge funds, private equity funds, funds of funds, and other investment advisers. In addition to providing compliance services such as annual compliance program reviews, risk assessments and acquisition due diligence, Adam established Section 13 reporting capabilities and EDGAR filing agent services for CSS’s Compliance Services division. He drafts and maintains corporate filings ranging from Forms ADV and PF to Forms 13F and 13H. Adam also provides cybersecurity risk management services to CSS clients – ranging from network vulnerability scanning to onsite cybersecurity risk assessments to assistance in implementing the NIST cybersecurity framework. He is a Certified Information Systems Auditor (CISA®), and Certified in Risk and Information Systems Control (CRISC™). Adam practiced corporate law prior to joining CSS and has an extensive background in both the public and private sectors. Adam served as Assistant General Counsel at Capgemini – one of the world’s largest providers of Consulting, Technology and Outsourcing services. As in-house counsel to a global consulting business, he implemented pragmatic strategies to resolve complex legal and regulatory issues. Adam earned his B.A. from Pitzer College, his J.D. degree from UC Berkeley – Boalt Hall School of Law, and his LL.M. in Taxation from New York University School of Law. He is a member of the New York State Bar.

 

Categories
ComTech

Towards a Cyber-Secure Future with Jenna Waters


 
Jenna Water’s time in the US Navy equipped her with sophisticated skills she now finds invaluable in her work as Cybersecurity Consultant at True Digital Security. She joins Tom Fox and Valerie Charles on this episode of ComTech to talk about how the cybersecurity industry is evolving, her vision to end security breaches, and what she thinks about President Biden’s executive order on cybersecurity.
 

 
Putting Corporate America on Notice
“I think businesses – particularly those that work in industries regarded as critical infrastructure, obviously because of the Colonial Pipeline hack – …a lot of them know now that they’re on notice,” Jenna tells Tom and Valerie. Recent cybersecurity attacks as well as the rise in ransomware, have driven home the need for good cybersecurity. These attacks not only impact businesses but are now tangibly affecting the lives of everyday citizens. Jenna believes this is sparking change in the industry, as the government, companies, and even the general public are taking cybersecurity more seriously. 
 
End Security Breaches
Tom comments that his clients are now asking about their information security program, something they weren’t concerned about before. He asks Jenna how she would advise a company to start thinking about this issue. She outlines the steps her company takes to help their clients create a customized cybersecurity program. “…By prioritizing your risk, that’s how you can develop a more tailored cybersecurity program,” she points out. She and Tom discuss her vision of ending security breaches overall. She remarks, “For me, ending security breaches is a vision of the future in which a security breach can be detected, identified, and contained effectively… It’s not allowing a security incident to go to the point of a security breach… and it doesn’t affect or impact the organization or public in any significant way other than maybe the time it takes to contain it.”
 
Improving Cybersecurity with Data
“When you’re trying to combat this kind of breach, how do you use data?” Valerie asks Jenna. “Cybersecurity is actually one of the best areas in technology where it can be very data-driven,” Jenna responds. Data can help you build a threat profile and come up with an action plan to combat threats. Analyzing recent and past data can help you establish an operational baseline, and in turn recognize deviations from the norm. It can also help you identify gaps and vulnerabilities in your organization. There’s also the global perspective: gathering and analyzing data on threat groups helps you recognize their patterns before they attack. However, don’t focus only on data and ignore basic psychology. Hackers are still just human beings and are “subservient to human behaviors and motivation,” Jenna reminds listeners. 
 
Cyber Risk Assessment is for Everyone
“I think everybody could benefit from a risk assessment in terms of cybersecurity,” Jenna tells Valerie; businesses in critical industries should prioritize it. Generally, she recommends an annual assessment. However, it should also be done when there is a significant change in operations or in the direction of the business. She argues that leadership buy-in is imperative: “Leadership buy-in for an organization is paramount to the success of the cybersecurity team.” 
 
Thoughts on Biden’s Executive Order
“Do you have any urgent or immediate thoughts on President Biden’s executive order on cybersecurity?” Valerie asks. Jenna responds that she is excited and on board with the order. “As cybersecurity professionals, we like to take advantage of every emergency,” she quips. It’s a positive step signaling that cybersecurity is seen as important at the highest levels of government. On the other hand, however, the executive order may not last after Biden’s term of office as it can be revoked by the next President. Additionally, only certain federal bodies are bound by the order.
 
Resources
Jenna Waters on LinkedIn 
True Digital Security 
 
 

Categories
Compliance Kitchen

Biden Adminstration Executive Order on Cybersecurity


The Kitchen looks into the recent Executive Order that aims to strengthen cybersecurity in the US government and private sectors.

Categories
Compliance Into the Weeds

Biden Administration Executive Order on Cybersecurity


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week Matt and Tom take a deep dive into the Biden Administration’s recently released Executive Order on cybersecurity for both the federal government but also contractors who do work for the US government and their subcontractors.
Some of the issues we consider are:

  • How will there be more and better sharing of threat information?
  • How will we achieve stronger cybersecurity within the government?
  • Why will contractors will need to have stronger oversight of their SW supply chain?
  • What will be the role of compliance?
  • What will be the role of internal audit? 

Resources
Matt’s blog post on Radical Compliance: 
Parsing Biden’s Cybersecurity Order