Cyber Security: Safety, Compliance or Both?

Written by
NIBA

Good security protects against cyber threats. Regulatory compliance protects your business too. NFA Interpretive Notice 9070 sets the requirements and guidelines for an effective security program that meets both cyber security protection and compliance goals.

Cyber Security or Compliance?

Some executives are unsure if their cyber security program should be compliance driven or security focused. Being secure and in compliance are not the same thing, but NFA 9070’s requirements and guidelines help member firms achieve both. This article summarizes some key elements of NFA 9070.

Written ISSP

Member firms are required to have a written document that describes their Information Systems Security Program (ISSP) and designates the executive responsible for it. The ISSP and its implemented controls must be documented, and must be reviewed at least annually for effectiveness by someone with appropriate security expertise (internal or external).

Security Actions and Safeguards

After considering technology risks and their possible impact, firms must identify and implement controls to appropriately protect their systems and data. Actions and safeguards identified in 9070 include:
  • Maintain an inventory of hardware and software
  • Identify and protect confidential data (financial records, personal and customer data)
  • Use data encryption as appropriate (when data is transmitted and stored)
  • Implement identity and access controls for systems and networks
  • Require strong passwords
  • Use antivirus software, firewalls, web-filters and other security tools
  • Update operating systems and software with current releases and patches
  • Monitor activity to detect potential threats, suspicious activity or breaches
  • Provide annual security awareness training (required)

Cyber Security and Compliance

The business risks from cyber attacks continue to increase, but a security program consistent with NFA Notice 9070 decreases the chance of an incident and the impact if one does occur. Following the requirements and guidelines in NFA 9070 both establishes an effective program and documents a strong compliance record.

vSEC is a cybersecurity consulting firm that specializes in the derivatives industry. Our website offers a questionnaire for firms to self-evaluate their security program against NFA 9070. We have helped multiple firms create or review their ISSP and security program. To learn more email info@vsecllc.com or visit www.vsecllc.com
