How Does SEC’s OCIE Cybersecurity Initiative Affect Cloud Computing?

Grazed from Stratosec.co.  Author: Editorial Staff.

In April, the SEC’s Office of Compliance Inspections and Examinations (OCIE) made headlines as they released a Risk Alert stating they would be examining the information security posture of “more than 50” registered broker-dealers and investment advisors. As we provide secure cloud services to organizations that may be examined as part of this process, we’re watching with interest.  In particular, we wanted to know: how does the OCIE cybersecurity initiative affect cloud computing?

The OCIE is basing their questions on NIST’s Framework for Improving Critical Infrastructure Cybersecurity. Generally, the NIST document is a common-sense framework for an organization to describe their existing security posture, describe the organization’s target security state, and then prioritize how to get there. For organizations that do not have a mature information security program, the NIST Framework provides a great way to understand their current security posture, and create a plan to improve it…


The OCIE is using the exam to get an understanding of the state of information security preparedness of the securities industry, and learn about recent information security experiences in the industry. The sample exam questions in the Risk Alert Appendix provide a clear picture of the type of information the SEC is interested in. For the experienced information security practitioner, the questions are reasoned and will not come as a surprise…

Read more from the source @ http://stratosec.co/2014/secs-ocie-cybersecurity-initiative-affect-cloud-computing/