Regulation SCI (Systems Compliance and Integrity)

Regulation SCI (Systems Compliance and Integrity)

Click on the above link for a condensed view of my deep research and expertise in Regulation SCI (Systems Compliance and Integrity) covering the following areas:

types of entities
Exempt clearing agencies subject to automation review policy and plan processors
Types of SCI systems
SCI systems
Critical SCI systems
a system which supports either
Indirect SCI systems
SCI events – rule 1002
Categories of events
Even to minimus events are SCI events
Material changes in the system – rule 1003 a
Record-keeping electronic filing rules, 1005 – 1007
system hygiene
intrusion and penetration testing
Improved resilience
Maturity Goals
Internet Threat Mitigation services
detect surges in activity and DDOS efforts
Perimeter and Internal Network Protection Enhancements
hunting for threats at perimeter
hunting for threats internally
Develop Common Vulnerabilities & Exposures (“CVE”) and Common Vulnerability Scoring System (“CVSS”)
set limits tracked daily
“upper bounds” to extreme cyber scenarios beyond which a market couldn’t recover
Intelligence gathering sources
community driven sources
Government Sources
Commercial Providers
Joint Ventures
Redundant IT Infrastructure
near real-time data replication
Protection against Advanced Persistent Threat (“APT”) Attacks:
Use of implementation of a network segmentation strategy
Leverage Private Communications Networks
Main Efforts
enhanced protection of national critical infrastructure;
• improved information sharing between the public and private sectors and corresponding liability protections
• data breach notifications; and
• data privacy issues.
US Regulatory Concerns
Financial Industry Regulatory Authority (“FINRA”) also planned “sweep examinations,
Federal Financial Institutions Examination Council
EU Concerns
European Program for Critical Infrastructure Protection (“EPCIP”)
EU COmmission
Update to EU Data eprotection framework expected in 2015
obligatory Privacy Impact Assessments (“PIAs”
appointment of a Data Protection Officer
madatory breach notifications
can be used to transfer data out of the EU
national Cybersecurity Policy in 2013
National Information Security Center (“NISC”),
flash crashes
runaway trading algorithms
SIP – securities information processor

Douglas S. Knehr, Esq.,MBA, CIPM, CIPP, CISSP (Exam passed, awaiting official certification)

M: 609-635-2226

Stetson Law Alumni -JD -1999

Rutgers Graduate School of Management Alumni -MBA – 1994

CIPM -2014 – Certified Information Privacy Manager

CIPP – 2014 – Certified Information Privacy Professional

CISSP (Exam passed, awaiting official certification)


Security and Risk Management

1 Security & Risk Mgmnt Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in Security and Risk Management covering the following areas:

1.Security and Risk Management

Critical Areas
Data Breaches
Conducting a Business Impact Analysis (BIA)
Continuous improvement
Threat Modeling
Determining potential attacks
Performing a Reduction Analysis
Technologies and processes used to remediate threats
Integrating security risk considerations into acquisitions strategy and practice
Third-Party assessments
Minimum security requirements
Service-Level requirements
Appropriate levels of awareness, training, and education within an organization
Periodic reviews for content relevancy”
Security Principles
Security & Risk Governance
Industry best practices (i.e., NIST, ITIL, ISO 27000, COSO, and COBIT). ”
Mechanisms for the board of directors and management to have the proper oversight to manage the risk to the enterprise to an acceptable level.”
Purpose of governance
Board of directors should:
Be informed about information security
Set direction to drive policy and strategy
Provide resources to security efforts
Assign management responsibilities
Set priorities
Support changes required
Define cultural values related to risk assessment
Obtain assurance from internal or external auditors
Insist that security investments are made measurable and reported on for program effectiveness.”

Security Mgmnt
Interrelationship of Security & Risk Mgmnt
Common Business Issues Affecting Security Risk mgmnt
Governance Committees –
Governance Committees – A governance committee is responsible for recruiting and maintaining the governance board for an organization. ”

Security Roles and Responsibilities
Security Activities
How its done
Implementing Metrics
“Security Council”
Review and Audit the Security Program”
Establish Control Frameworks for Governance
Global Legal and Regulatory Issues
Develop and Implement Security Policy
Business Continuity (BC) & Disaster Recovery (DR) Requirements
Personnel security
Risk Mgmnt Concept
Risk Assessment Process (NIST – National Institute of Standards and Technology)
Security & Audit Frameworks
ID threats and vulnerabilities
Risk assessment analysis
Risk Mitigation
Risk Acceptance
Counter Measures
Type of controls
Access Control Types
Control assessment/ monitoring measurement
Tangible and intangible Asset Valuation
Continuous Improvement
Risk Mgmnt Frameworks
Create a risk inventory of risks and counter measures
Threat Modeling
enables informed decision making on application security risk
procedure to id objectives and vulnerabilities and then define countermeasures to the threats
Determining Potential attacks and reduction analysis
Technologies and processes to reduce threats
Acquisitions Strategy
Security Education Training & Awareness
Formal Training
Creating security awareness course
Creating culture of awareness
Job Training
Performance Metrics

COPYRIGHT Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP  (in Training)

Doug at DougKnehr . com

Welcome. International Data Protection =Information Security + Data Privacy + Governance

Please do stay in touch with me. Enter your contact info:



Email: Please reach me thru linked in

US Citizen



CISSP  – Certified Information Security System Professional 2015

FIP – Fellow of Information Privacy-2017

CIPM –  Certified Information Privacy Manager 2014

CIPP /US – Certified Information Privacy Professional  2014


JD-Juris Doctor-Stetson College of Law FL 1999

MBA        Master of Business Administration (Finance) – Rutgers Graduate School of Management NJ 1994

BS            Bachelor of Science in Business Economics – Rutgers University Cook College NJ 1992

Strengths:  Information Security/Cyber Security, Data Privacy, Data Protection, Litigation. I am a SME at  GRC aspects of cross border Information Security and Data Privacy. I am a full member CISSP (Cyber Security) , FIP (Fellow of Information Privacy), CIPM (Certified Information Privacy Manager), and CIPP/US (Certified Information Privacy Professional).

In House Consulting: I have consulted to the United States SIFMUs (Systemically Important Financial Market Utility to the United States) guiding CISO, CPO and GC departments. I have also consulted for a 27000+ person international organization with a 23 country footprint building out a 2nd Data Protection department.

I have operationalized information security as CISO and created governance for a $193 billion financial conglomerate with 6 major entities.

Cyber Security Tooling & Monitoring: Knowing how to implement cyber security monitoring tools lawfully in an international environment requires a global understanding of data protection.

GDPR and GRC: Possessing deep cyber security, information security and data privacy expertise, I am a GRC, GDPR and data protection guru. I’ve built and worked on multiple data protection programs affecting more than 30,000 employees across  23 countries

I welcome your call: Please reach me on 609-635-2226 or email