Regulation SCI (Systems Compliance and Integrity)

Regulation SCI (Systems Compliance and Integrity)

Click on the above link for a condensed view of my deep research and expertise in Regulation SCI (Systems Compliance and Integrity) covering the following areas:

types of entities
SCI SRO
SCI ATS
Exempt clearing agencies subject to automation review policy and plan processors
Types of SCI systems
SCI systems
Critical SCI systems
a system which supports either
Indirect SCI systems
SCI events – rule 1002
Categories of events
Even to minimus events are SCI events
Material changes in the system – rule 1003 a
Record-keeping electronic filing rules, 1005 – 1007
Strategies
system hygiene
patching
intrusion and penetration testing
IDS
Improved resilience
Maturity Goals
Internet Threat Mitigation services
detect surges in activity and DDOS efforts
Perimeter and Internal Network Protection Enhancements
hunting for threats at perimeter
hunting for threats internally
Develop Common Vulnerabilities & Exposures (“CVE”) and Common Vulnerability Scoring System (“CVSS”)
discussions
set limits tracked daily
“upper bounds” to extreme cyber scenarios beyond which a market couldn’t recover
Intelligence gathering sources
community driven sources
Government Sources
Commercial Providers
Joint Ventures
Redundant IT Infrastructure
near real-time data replication
Protection against Advanced Persistent Threat (“APT”) Attacks:
Use of implementation of a network segmentation strategy
Leverage Private Communications Networks
Main Efforts
enhanced protection of national critical infrastructure;
• improved information sharing between the public and private sectors and corresponding liability protections
• data breach notifications; and
• data privacy issues.
US Regulatory Concerns
Financial Industry Regulatory Authority (“FINRA”) also planned “sweep examinations,
SEC
Federal Financial Institutions Examination Council
EU Concerns
European Program for Critical Infrastructure Protection (“EPCIP”)
EU COmmission
Privacy
Update to EU Data eprotection framework expected in 2015
obligatory Privacy Impact Assessments (“PIAs”
appointment of a Data Protection Officer
madatory breach notifications
mechanisms
can be used to transfer data out of the EU
Japan
national Cybersecurity Policy in 2013
National Information Security Center (“NISC”),
Research
flash crashes
runaway trading algorithms
SIP – securities information processor

Douglas S. Knehr, Esq.,MBA, CIPM, CIPP, CISSP (Exam passed, awaiting official certification)

Doug@DougKnehr.com

M: 609-635-2226

Stetson Law Alumni -JD -1999

Rutgers Graduate School of Management Alumni -MBA – 1994

CIPM -2014 – Certified Information Privacy Manager

CIPP – 2014 – Certified Information Privacy Professional

CISSP (Exam passed, awaiting official certification)

http://www.linkedin.com/in/douglasknehr

https://dougknehr.wordpress.com/