NFA Information System Security Program Deadline Is March 1

By Oyster Consulting LLC

Individual typing on a laptop.

March 1, 2016 is the effective date of the NFA Interpretive Notice regarding Information Systems Security program (ISSP). The provisions of the Notice applies to all NFA members. To view the notice click here.

Oyster Consulting CEO and Founding Principal Buddy Doyle spoke on the Industry Experts panel in the recent NFA Cybersecurity Workshops in New York, Chicago and Los Angeles. Other panelists included Peter Salmon, Senior Director of Operations and Technology at Investment Company Institute and Patricia Donahue, Senior Vice President, CCO and Regulatory Counsel at Rosenthal Collins Group.

Topics for the panel included:

  • How cybersecurity attacks happen within the workplace
  • Importance of written response plans with appropriate outside legal representation already in place
  • Training – Training is important for everyone from the mail room to the CEO and it is important to train in a way that isn’t too technical so staff will change their behavior
  • Best Practices – New Accounts and Customer Information; wire instructions; and helping GIBs develop a written cybersecurity program
  • Cultivate a relationship with law enforcement before an event happens
  • Data Breaches: Educate yourself by looking at some of the websites that list data breaches, why they occurred and determine where vulnerabilities exist in your organization
  • Due Diligence – Cyber insurance policies; internal risk assessments, and third party risk assessments
  • Finding reputable firms for penetration testing and performing cybersecurity services

To download the entire workshop audio recording click here. The audio recording includes the entire workshop – the Cybersecurity Experts Panel portion of the recording begins at 56:46.