The Securities and Exchange Commission published observations related to cybersecurity and operational resiliency practices taken by market participants. SEC chair Jay Clayton said in a statement that market participants should incorporate the information into their cybersecurity assessments.
The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. The observations highlight specific examples of cybersecurity and operational resiliency practices and controls that organizations have taken to potentially safeguard against threats and respond in the event of an incident.