Services for Investment Advisors


Download the Services for Investment Advisors Information Sheet (PDF)

Download the Honey Pot (Residential Network) Threat Illustration (PDF)

Cybersecurity for Investment Advisors

NES’s cybersecurity professionals are best-in-class and are highly trained.

Our cybersecurity team members come from the elite among the U.S. intelligence community, including U.S. Army Cyber Command (ARCYBER) and the U.S. Air Force Office of Special Investigations (OSI), and have decades of experience anticipating and combating hackers of all levels.

Our policy experts have decades of combined experience in Certification and Accreditation and are intimately familiar with the most recent industry guidance (SEC, NFA/CFTC, FTC), as well as the established security frameworks that underlie the guidance (NIST, ISO, OWASP, COBIT, SANS).

Our cyber management team has executive-level financial services experience, enabling them to optimize our service offering for your operating and risk management priorities.

Security Health Assessment & Compliance Service Offering for Investment Advisors

Our Cybersecurity Health Assessment, outlined below, ensures that our clients are compliant and secure. In addition to our policy documentation deliverables, which map to the focus areas called out by the SEC and the NFA (see the table below), our engineers and forensics specialists will walk you through a detailed action plan to address any vulnerabilities found in your environment and, most importantly, they are prepared to fix the vulnerabilities they find (or verify fixes performed by your current IT provider).

Our Cybersecurity Health Assessment includes the following: 

  • An in-depth, SEC- and NFA-focused cybersecurity report
  • 21 customized SEC policy & procedures documents
  • A comprehensive, on-site network scan & analysis
  • A complete cybersecurity health assessment with prioritized vulnerability reports
  • Periodic (Quarterly) follow-on cybersecurity health assessment scans
  • Periodic (Quarterly) updates to security compliance documentation
  • On-site cyber training for employees and IT staff
  • Optional security-focused SLA reviews
  • A prioritized summary of recommended security engineering work
  • A one-year subscription to our weekly Cybersecurity Awareness newsletter

Complimentary (On-site) Network Cybersecurity Health Assessment Scan

Contact us today to receive a complimentary on-site network and system-level cybersecurity health assessment scan.  Our engineers will provide you with a high-level risk report detailing any vulnerabilities they detect.  And a dedicated NES point of contact will provide you with a complimentary action plan for achieving compliance and security.

On-site Training & Hacking Demonstration

Our Health Assessment includes on-site information security training for your employees, and our curriculum – which we adapt as needed to focus on senior managers, compliance staff, and/or IT staff – maps directly to the details of the latest cybersecurity regulatory guidelines. We utilize a highly experienced, cross-functional team of instructors comprising at least one certified information security policy expert (CISSP) and a combination of cyber forensics technicians and penetration testers (SANS-certified white hats), each of whom has extensive experience anticipating and mitigating real-world security attacks. Unlike the typical compliance or IT training experience, our interactive training is highly engaging and includes a demonstration of one or more common network hacks. Our specialists can speak directly to the tactics employed by attackers today and will adapt their focus based on your firm’s infrastructure and operating environment.

Periodic or Continuous Monitoring

Our Health Assessment includes either periodic or continuous network monitoring, which we adapt to suit your firm’s operating and risk management priorities.

Compliance & Documentation Services

The table below maps directly to the preparedness areas focused on by the SEC, National Futures Association (NFA), and others.  Our engineers and cyber policy analysts are expert in these requirements, as they each derive from the well-established information security frameworks that our teams have implemented and managed for decades (e.g. NIST, ISO, COBIT, SANS).

As part of our Cybersecurity Health Assessment we provide templates (as needed) for each of these policy documents, and, as either a standalone service or in tandem with your current compliance/IT provider(s), we customize each of them for you. We then provide periodic (quarterly) re-assessments, including scans and policy document reviews, to ensure that you remain secure and compliant as industry-specific cyber regulations develop.

Custom Engineering Services

Our engineering teams comprise certified, highly qualified specialists with expertise in networking, systems and application engineering, database architecture, and security for mobile, remote and virtual work environments.  Our custom engineering services, including those shown in the chart below, enable us to quickly patch or remedy whatever vulnerabilities we might discover in your environment.

Penetration Testing

In addition to the cybersecurity health assessment that comes with our Health Assessment service, and any remediation (engineering) that might be needed to secure your environment, we provide optional follow-on penetration testing services to ensure that your environment is secure.  In doing so we utilize only certified, highly experienced penetration testers (SANS-certified white hats) who have experience anticipating and mitigating real-world attacks.