5.7.6.1. Best Practices for Forming a Cybersecurity Plan
Both the SEC and FINRA have offered guidelines for firms to follow in order to establish and implement a framework for forming a cybersecurity plan. Both agencies suggest that firms:
• Define and establish a governing framework for the prevention of cybersecurity risks. The framework should clearly describe the specific roles and responsibilities of each employee at the firm.
• Develop a plan to prevent, detect, and respond to cybersecurity threats. The plan should establish the best methods to control access to system and data management and user credentials, implem