On March 24, 2022, the Hedge Fund Law Report published an article on the recently proposed cybersecurity rules for investment advisers and registered investment funds, which featured an interview with Avi Gesser, Co-Chair of the Debevoise Data Strategy and Security Practice: SEC Proposes Cyber Risk Management Rules for Advisers
The article discusses the following aspects of the proposal:
- Rationale for the Proposal
- Regulatory Framework
- Cybersecurity Policies and Procedures
- Annual Review and Report
- Governance and Oversight
- Risk Assessments
- User Security and Access
- Information Protection
- Threat and Vulnerability Management
- Incident Response
- Mandatory Reporting of “Significant” Cybersecurity Incidents
- Form ADV‑C
- Cybersecurity Risk and Incident Disclosures
- Recordkeeping
- Requests for Comments
You can read the full article here.