In a response to an FOI Request asking for “The total number of cyber incidents (both attacks and those attributable to human error) suffered (to your knowledge) by the private equity firms that you regulate”, the FCA doesn’t hold data for Private Equity in particular but does for firms with Managing Investment permissions, and the results are […]
“CESG now recommend organisations do not force regular password expiry. [They] believe this reduces the vulnerabilities associated with regularly expiring passwords … while doing little to increase the risk of long-term password exploitation.” This is actually sane advice if, and only if, you follow all of it! There is more… In a blog post called The problems with […]
Why do thieves target banks? As Willie Sutton apocryphally said, “because that’s where the money is.” FireEye has released a report on the activities of a group called FIN4. They target C-suite individuals in Fortune 100 companies via email. And these are not the Nigerian 419 emails; they are well written and highly […]
76 million households’ and 7 million small businesses’ data compromised, which is pretty much all of their retail customers in the US. One person briefed said more than 90 of the bank’s servers were affected, effectively giving the hackers high-level administrative privileges in the systems. Faced with the rising threat of online crime, JPMorgan has […]
Press Releases | Cordium | Cordium partners with IP Sentinel – Delivering clients solutions for the Regulator’s enhanced focus on IT and Cybersecurity.
I’m one of the Presenters! So if you want to hear more about Cyber Security in a Regulated entity, please come along. Events | Cordium | Webinar: Cybersecurity & the Regulator What You Need to Know.
What the investigators found inside Nasdaq shocked them, according to both law enforcement officials and private contractors hired by the company to aid in the investigation. Agents found the tracks of several different groups operating freely, some of which may have been in the exchange’s networks for years, including criminal hackers and Chinese cyberspies. Basic […]
The Financial Conduct Authority (‘FCA’) has historically been rather Delphic about the status of Information Technology (‘IT’) with regard to the SYSC and COBS rules. The language in the rule books describes “systems” and “processes” but is not specific about their implementation or the platform upon which they exist. For instance, Record Keeping (SYSC 9.1) […]
A summary of the rules within the FCA handbooks that are more relevant to IT. The biggest takeaway is to get the compliance dept onside, as they are mandated to force through the budget! SYSC 6.4.1 is your friend in this regard. System Security SYSC 3.2.6 & SYSC 6.1.1 – A firm must take reasonable care to establish and […]
Is your firm compliant with the FCA regulations on Archiving? Let’s imagine you’ve outsourced your IT to your preferred IT outsourcing provider and they have stated that they will provide a 7-year archiving service… Is that any good to you? Probably not without a thorough understanding of your responsibilities and understanding how your outsource […]