February, 2016.  On October 23, 2015 the Commodity Futures Trading Commission (“CFTC”)approved National Futures Association’s (“NFA”) interpretive notice.

Slides:



Advertisements
Similar presentations
Effective Contract Management Planning
Advertisements

Red Flag Rules: What they are? & What you need to do
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
Account Opening. Introduction Process of opening accounts still very similar Disclosure statement required Written approval/disapproval.
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Compliance Presented by: Marty McNulty, ARMA Board Member.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
Outsourcing Louis P. Piergeti VP, IIROC March 29, 2011.
Finance and Governance Workshop Data Protection and Information Management 10 June 2014.
Association for Biblical Higher Education February 13, 2013 Lori Jo Stanfield Evaluator Team Training for Business Officers.
ISA–The Instrumentation, Systems, and Automation Society SP99 Work Group 2 Planning for TR#2 Second Edition Long Beach Meeting April 28, 2004.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Chapter 3 資訊安全管理系統. 4.1 General Requirements Develop, implement, maintain and continually improve a documented ISMS Process based on PDCA.
Compliance Management Platform ™. Compliance Management Platform Compliance is the New Marketing – Position yourself to thrive in the new regulatory and.
Web Security for Network and System Administrators1 Chapter 2 Security Processes.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
FIRMA April 2010 SOCIAL NETWORKING Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.
Information Asset Classification Community of Practicerev. 10/24/2007 Information Asset Classification What it means to employees.
Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.
What Can Go Wrong During a Pen-test? Effectively Engaging and Managing a Pen-test.
Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.
Electronic Trading Rules Presentation to CLS Education Committee May 15, 2013.
Pro-active Security Measures
1 Privacy Plan of Action © HIPAA Pros 2002 All rights reserved.
UNDERSTANDING THE RULES ON ADVERTISING WITH GEORGE CHAMBERLIN & MENTOR RIA CONSULTING Compliance Training Series.
International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Sandler & Travis Trade Advisory Services, Inc. Reducing Risk Through Internal Training: Measurement tools to assess training success WESCCON October 16,
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
February 2, 2016 | Chicago NFA Cybersecurity Workshop.
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
Protecting your Managed Services Practice: Are you at Risk?
Business Continuity Planning 101
March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.
HIPAA: So You Think You’re Compliant September 1, 2011 Carolyn Heyman-Layne, J.D.
© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.
Cybersecurity as a Business Differentiator
Law Firm Data Security: What In-house Counsel Need to Know
NRC’s 10 CFR Part 37 Program Review of Radioactive Source Security
Cybersecurity - What’s Next? June 2017
What Is ISO ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for BS It is intended.
Data Minimization Framework
Decrypting Data Compliance in China
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
DETAILED Global CYBERSECURITY SURVEY Summary RESULTS
Microsoft SAM Managed Service Program
I have many checklists: how do I get started with cyber security?
OHS Staff Introduction Training
Red Flags Rule An Introduction County College of Morris
#IASACFO.
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
Cybersecurity compliance for attorneys
Microsoft SAM Managed Service Program
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Explain the role of ethics in financial- information management
Anatomy of a Common Cyber Attack
Presentation transcript:

February, 2016

 On October 23, 2015 the Commodity Futures Trading Commission (“CFTC”) approved National Futures Association’s (“NFA”) interpretive notice regarding cybersecurity.
 The notice is the Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49, titled Information Systems Security Programs.
 The new guidance takes effect on March 1st,
 The Interpretive Notice applies to all NFA members and requires such members to adopt and enforce written cybersecurity policies and procedures.
Integritas Financial Consulting

 Each NFA member subject to the notice must adopt and enforce written cybersecurity policies.
 Each NFA member must also implement proactive measures designed to secure customer data and access to electronic systems.
 Policies and procedures should be tailored to the specific risks and activities of the member’s business.

Members should adopt and enforce a written information systems security program (“ISSP”). The ISSP must:
 Contain a governance framework
 Identify security risks
 Manage security risks

Members should adopt a risk-based approach to the use and protection of IT systems. Security analysis should utilize a risk-based approach to the protection of IT systems:
 Assess and prioritize internal threats
 Assess and prioritize external threats
 Assess data vulnerability
 Assess infrastructure vulnerability
 Plan for addressing past security incidents
 Assess third-party vulnerability
 Plan for managing risks

 Members are expected to implement a number of fundamental safeguards that are appropriate in view of the member’s size, business and resources.
 Safeguards should be in place in response to identified risks to client data and the member’s technology infrastructure.

 Restrictions on physical access
 Technical access controls
 Complex passwords
 Firewall and anti-virus protection
 Application whitelists
 Trusted software only
 Methodology for software updates/patches
 Encryption at rest and in transit
 Secure software development lifecycle
 Web filtering
 System for managing mobile devices

Members should create an incident response plan:
 The plan should identify all team members
 The plan should address and inventory different types of threats
 The plan should include a methodology for restoring compromised systems and/or data
 The plan should include escalation procedures
 The plan should include a methodology for communicating to clients, counter-parties and law enforcement

 Members should provide their employees with information security training:
◦ When on-boarding a new employee, and
◦ Periodically thereafter
 Employee training should include:
◦ Social engineering tactics
◦ General technology threats
◦ System compromise and data loss mitigation
 The ISSP should be regularly reviewed to assess effectiveness
 Members must maintain all records concerning compliance, adoption and implementation of the ISSP

 NFA typically frames issues and their expectations of members as “guidance” as to what a member should do.
 Adhering to the Interpretive Notice is one way that a member can fulfill its supervisory obligations under NFA Compliance Rules 2-9, 2-36, and
 NFA also recognizes that alternative practices other than those described in the Interpretive Notice may fulfill a member’s supervisory obligations.
 However, it is likely that NFA will expect compliance with their guidance, or members should be prepared to explain why alternative methodologies are sufficient.

 Integritas Financial Consulting can help:
◦ Create an ISSP based on your business and requirements
◦ Review current ISSPs and provide commentary and gap analysis
◦ Draft policies and procedures
◦ Perform periodic testing to confirm compliance with the Interpretive Notice
◦ Structure and perform training
Call us at for a free consultation.