Cyber Security Programs

The SEC, FINRA and many State Securities Regulators have continued to communicate concerns regarding Cybersecurity Risks. Solid™ has the experts that can assist firms in developing cybersecurity and IT programs aimed at meeting regulatory expectations.


In early 2017, the SEC, FINRA and many State Securities Regulators continued to communicate concerns regarding cybersecurity risks and their expectation that firms address these risks with adequate protective measures. Cybersecurity risks continue to be at the forefront of State, SEC and FINRA regulatory examination priorities. Solid™ assists firms in developing Cybersecurity and Data Protection Programs aimed at meeting these obligations.

Cybersecurity risk and mitigation plans cannot follow a “one size fits all” model. Solid™ assists firms in tailoring Cybersecurity and Data Protection policies and procedures to the firm’s business lines, relevant risk tolerance and business model.

  1. Cybersecurity Risk Assessments – Where are your firm’s IT and cyber risks? This can be difficult to determine without expert guidance. Solid™ risk assessments aid firms in determining:

     a. The nature, sensitivity and location of information that the firm collects, processes and/or stores and the technology systems it utilizes;

     b. Potential internal and external threats and vulnerabilities of the firm’s information and technology systems;

     c. The effectiveness of the governance structure for the management of cybersecurity risk; and

     d. Potential impacts should there be a cybersecurity breach, and who will address those risks.

  2. Assistance in developing the firm’s Cybersecurity Policy and Data Security Policy. Breaches are expensive. Firms must have data security policies that protect clients from data breaches. Solid™ experts will assist firms in developing these policies. Policies will address:

     a. Controlling access to various systems and data via management of user credentials, encryption, authentication and authorization methods;

     b. Protecting against the loss or exfiltration of sensitive data by restricting the use of removable storage media and deploying software that monitors technology systems for unauthorized intrusions;

     c. Data back-up and retrieval; and

     d. Development of an incident response plan.

  3. Assistance in developing the firm’s Incident Response Plan and Incident Response Reporting. A vast majority of firms have reported that they have been hit by a cyber incident or attack. Can your firm identify and address cyber incidents and attacks? Let Solid™ help you put in place incident reporting policies and incident response reporting mechanisms that address and track these types of events. Tracking incident reports helps firms establish patterns and address attacks before they happen.

  4. Cybersecurity and Privacy Training. Our team of experts will address red flags for identity theft, privacy concerns, and review of your firm’s protocols for reporting concerns and potential breaches.

  5. Guidance towards vendor due diligence. Let’s face it, finding the right vendor and ascertaining their level of experience and security is tough. Let our team of experts undertake your initial and ongoing annual vendor due diligence review.


We are here to help.

A Solid™ consultant is available to discuss how your firm can take advantage of all that Solid™ has to offer and move your company forward.
