Cyber Security: Safety, Compliance or Both?

Written by
NIBA
Good security protects against cyber threats. Regulatory compliance protects your business too. NFA Interpretive Notice 9070 sets the requirements and guidelines for an effective security program that meets both cyber security protection and compliance goals.

Cyber Security or Compliance?

Some executives are unsure if their cyber security program should be compliance driven or security focused. Being secure and in compliance are not the same thing, but NFA 9070’s requirements and guidelines help member firms achieve both. This article summarizes some key elements of NFA 9070.

Written ISSP

Member firms are required to have a written document that describes their Information Systems Security Program (ISSP) and designates the executive responsible for it. The ISSP and its implemented controls must be documented, and must be reviewed at least annually for effectiveness by someone with appropriate security expertise (internal or external).

Security Actions and Safeguards

After considering technology risks and their possible impact, firms must identify and implement controls to appropriately protect their systems and data. Actions and safeguards identified in 9070 include:
  • Maintain an inventory of hardware and software
  • Identify and protect confidential data (financial records, personal and customer data)
  • Use data encryption as appropriate (when data is transmitted and stored)
  • Implement identity and access controls for systems and networks
  • Require strong passwords
  • Use antivirus software, firewalls, web-filters and other security tools
  • Update operating systems and software with current releases and patches
  • Monitor activity to detect potential threats, suspicious activity or breaches
  • Provide annual security awareness training (required)

Cyber Security and Compliance

The business risks from cyber attacks continue to increase, but a security program consistent with NFA Notice 9070 decreases the chance of an incident and the impact if one does occur. Following the requirements and guidelines in NFA 9070 both establishes an effective program and documents a strong compliance record.

vSEC is a cybersecurity consulting firm that specializes in the derivatives industry. Our website offers a questionnaire for firms to self-evaluate their security program against NFA 9070. We have helped multiple firms create or review their ISSP and security program. To learn more email info@vsecllc.com or visit www.vsecllc.com
