Tech,Space,Gaming, and Science Fiction News to wet your whistle
SEC Shares Cybersecurity and Resiliency Observations
The U.S. Securities and Exchange Commission (SEC) this week published a report detailing cybersecurity and operational resiliency practices that market participants have adopted.
The 10-page document (PDF) contains observations from the SEC's Office of Compliance Inspections and Examinations (OCIE) that are designed to help other organizations improve their cybersecurity stance.
OCIE examines SEC-registered organizations such as investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others.
Through its reviews, OCIE has observed approaches that some organizations have taken in areas such as governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness.
Observed risk management and governance measures include senior level engagement, risk assessment, testing and monitoring, continuous evaluation and adapting to changes, and communication. Practices observed in the area of vendor management include establishing a program, understanding vendor relationships, and monitoring and testing.
Strategies related to access rights and controls that were observed include access management and access monitoring. Utilized data loss prevention measures include vulnerability scanning, perimeter security, patch management, encryption and network segmentation, and insider threat monitoring, among others.
In terms of mobile security, organizations adopted mobile device management (MDM) applications or similar technology, implemented security measures, and trained employees. Strategies for incident response include inventorying core business operations and systems, and assessing risk and prioritizing business operation.
By sharing these observations, SEC hopes to determine organizations to review their practices, policies and procedures and assess their level of preparedness.
The presented measures should help any organization become more secure, OCIE says, admitting that "there is no such thing as a "one-size fits all" approach." In fact, it also points out that not all of these practices may be appropriate for all organizations.
"Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency. We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices," Peter Driscoll, Director of OCIE, said.
By Liam McCabe This post was done in partnership with Wirecutter . When readers choose to buy Wirecutter's independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here . After six summers of researching, testing, and recommending window air conditioners, we've learned that quiet and affordable ACs make most people the happiest—and we think the LG LW8016ER will fit the bill in most rooms. This 8,000 Btu unit cools as efficiently and effectively as any model with an equal Btu rating, and runs at a lower volume and deeper pitch than others at this price. Little extra features like a fresh-air vent, two-axis fan blades, and a removable drain plug help set it apart, too. The LG LW8016ER is a top choice for an office or den, and some people will find it quiet enough for a bedroom, too. If our main pic