Cybersecurity is the #1 concern for compliance professionals, and yet internal IT and cybersecurity teams aren’t growing. The pressure continues to mount as the SEC, investors and the C-suite all want to know, “What are you doing for cybersecurity?” This is why we created our comprehensive compliance program, specifically aligned with the SEC OCIE Risk Alert and subsequent Guidance Updates. It’s a way for our hedge fund, private equity, and alternative asset clients to solve for an immediate need that impacts their job security, as well as their firm’s reputation. We’ll spend 24 months putting you through SEC compliance training exercises, seminars, testing and briefings, all of which will continue to develop your cybersecurity fitness at a scalable and digestible pace.
SECURITY RISK ASSESSMENT + SEC MOCK AUDIT
We use technical, policy and procedural lenses to review your information security maturity to then determine how likely you are to experience a cybersecurity attack. As a part of your assessment, we also conduct a mock audit so you’re fully prepared for the SEC.
POLICY REVIEW & DEVELOPMENT
Leveraging industry trends and external threats, we create or review your security policies, and we keep those policies up to date based on changing SEC compliance requirements.
INCIDENT RESPONSE TESTING
We work with you to conduct annual tabletop exercises with C-suite stakeholders, including follow-up discussions and whiteboarding sessions, in order to test your incident response plan.
SECURITY ARCHITECTURE REVIEW
This evaluation determines if your current security solutions are functioning as intended. The results yield a report with specific recommendations for improvements.
MONTHLY SECURITY STRATEGY
Your Project Manager and vCISO meet with you monthly to review program progress, report on deliverables and inform you of shifts in the regulatory and cybersecurity threat landscapes.
Our cybersecurity engineers examine your security posture from an attacker’s point of view to expose weaknesses through on-site and remote testing.
SOCIAL ENGINEERING TESTING
We test your team’s response to a variety of internal threats, such as pretexting, phishing and USB drive baiting, and include a physical evaluation of security in your office space.
SECURITY AWARENESS TRAINING
Agio’s annual seminar leverages results from our social engineering testing to educate and inform your team on how to identify and avoid an attack.
SEC AUDIT ASSISTANCE
Should the SEC decide to audit your firm, we serve as an on-site advisor during the examination. We’re there every step of the way so you can feel confident your cybersecurity partner has your back.
One of the most critical elements of our program is our SEC Mock Audit. It provides you the most definitive depiction of how your firm will perform should the SEC choose to audit you with regard to your cybersecurity efforts. Here’s our process:
Step 1: We review and assess your firm against the SEC’s six areas of focus:
- Governance and Risk Management
- Access Rights and Controls
- Data Loss Prevention
- Vendor Management
- Incident Response (IR)
Step 2: We evaluate you against the eight control categories identified in all cybersecurity best practices:
- Network Security
- Data Protection
- Access Control
- System Development, Acquisition, and Maintenance
- Malicious Code
- System Hardening
- Security Testing and Monitoring
- Security Policy
Step 3: We cross-reference your dual results against the SEC’s multiple Risk Alerts to paint a clear picture of where your firm stands with regard to the SEC’s expectations.
Our Team is Your Team (and it’s Better)
Our Governance Program was the first of its kind, but it’s certainly not the last. We remain, however, the only program on the market to offer you a solution driven by an experienced virtual CISO committed to guiding you from start to finish. This means forward-thinking advice, monthly meetings, strategic discussions on the direction of your firm, and tactical decisions required to move the cybersecurity needle today.
In addition to your vCISO, your program comes with a trained Project Manager to ensure you stay on track during your 24 months with Agio. So, if there ever comes a time when your C-suite, investors or regulatory bodies request a record of what you’re doing for cybersecurity, your Project Manager will have every step, every action, every meeting, and every improvement documented and ready to go. We’ve thought of it all when it comes to your cybersecurity health so you don’t have to.
There’s nothing we haven’t thought of when it comes to your SEC Cybersecurity Governance Program. You can rest easy knowing your governance is as strong as it will ever be.