February, 2016. On October 23, 2015 the Commodity Futures Trading Commission (“CFTC”) approved National Futures Association’s (“NFA”) interpretive notice.


1 February, 2016

2
• On October 23, 2015 the Commodity Futures Trading Commission (“CFTC”) approved National Futures Association’s (“NFA”) interpretive notice regarding cyber-security.
• The notice is - Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49 titled Information Systems Security Programs.
• The new guidance takes effect on March 1st, 2016.
• The Interpretive Notice applies to all NFA members and requires such members to adopt and enforce written cybersecurity policies and procedures.
Integritas Financial Consulting

3
• Each NFA member subject to the notice must adopt and enforce written cybersecurity policies.
• Each NFA member must also implement proactive measures designed to secure customer data and access to electronic systems.
• Policies and procedures should be tailored to the specific risks and activities of the member’s business.

4 Members should adopt and enforce a written information systems security program (“ISSP”)
ISSP Must:
• Contain a Governance Framework
• Identify Security Risks
• Manage Security Risks

5 Members should adopt a risk-based approach to the use and protection of IT systems
Security analysis should utilize a risk-based approach to the protection of IT systems
• Assess and prioritize internal threats
• Assess and prioritize external threats
• Assess data vulnerability
• Assess infrastructure vulnerability
• Plan for addressing past security incidents
• Assess third-party vulnerability
• Plan for managing risks

6
• Members are expected to implement a number of fundamental safeguards that are appropriate in view of the member’s size, business and resources.
• Safeguards should be in place in response to identified risks to client data and the member’s technology infrastructure.

7
• Restrictions on physical access
• Technical access controls
• Complex passwords
• Firewall and anti-virus protection
• Application white lists
• Trusted software only
• Methodology for software updates/patches
• Encryption at rest and in transit
• Secure software development lifecycle
• Web filtering
• System for managing mobile devices

8 Members should create an incident response plan
• The plan should identify all team members
• The plan should address and inventory different types of threats
• The plan should include a methodology for restoring compromised systems and/or data
• The plan should include escalation procedures
• The plan should include a methodology for communicating to clients, counter-parties and law enforcement

9
• Members should provide their employees with information security training:
  ◦ When on-boarding a new employee, and
  ◦ Periodically thereafter
• Employee training should include:
  ◦ Social engineering tactics
  ◦ General technology threats
  ◦ System compromise and data loss mitigation
• The ISSP should be regularly reviewed to assess effectiveness
• Members must maintain all records concerning compliance, adoption and implementation of the ISSP

10
• NFA typically frames issues and its expectations of members as “guidance” as to what a member should do.
• Adhering to the Interpretive Notice is one way that a member can fulfill its supervisory obligations under NFA Compliance Rules 2-9, 2-36, and 2-49.
• NFA also recognizes that practices other than those described in the Interpretive Notice may fulfill a member’s supervisory obligations.
• However, it is likely that NFA will expect compliance with its guidance, or members should be prepared to explain why alternative methodologies are sufficient.

11
• Integritas Financial Consulting can help:
  ◦ Create an ISSP based on your business and requirements
  ◦ Review current ISSPs and provide commentary and gap analysis
  ◦ Draft policies and procedures
  ◦ Perform periodic testing to confirm compliance with the Interpretive Notice
  ◦ Structure and perform training
Call us at 312.894.1041 for a free consultation.

