Sign up for free newsletter



Gravitas white paper provides actionable layered strategy for asset management firms

A white paper from Gravitas provides alternative investment companies with a layered cybersecurity strategy including a six-point framework of actionable steps to address a range of cyber-threats head on.

Gravitas is a co-sourcing platform providing portfolio management and risk analytics, research and analytics, operations and information technology services to the alternative investment industry.
“The evolving cyber-threat landscape and increased regulatory scrutiny have created tremendous pressure for alternative investment firms as they shore-up their IT security,” says Patrick Mullevey, executive director of Systems Integration at Gravitas. “Gravitas has constructed a framework for assessing a firm’s cybersecurity awareness, preparedness and resilience to operational threats and regulatory compliance requirements. Our new white paper outlines a six-point action plan to help firms generate procedures and add required technologies to better protect themselves.”
The Gravitas paper - Cybersecurity: How Alternative Investment Companies Manage Operational and Regulatory Risks – recommends that all firms reflect on their existing operations and develop or enhance a cybersecurity strategy designed to protect critical data, systems and applications. An initial operational risk assessment quickly determines the current level of risk inside a firm and is outlined in the white paper. 
Creating and implementing a layered cybersecurity strategy is based on the concept that any one point of protection can, and will be, penetrated. While there are multiple layers to a cybersecurity approach, there are six types of layers upon which to focus in order to mitigate the potential risk for each one:
1.    Physical security: to protect the hardware, networks and data from a material breach, including protection from fire, power, disgruntled employees and terrorism;
2.    Network security: to protect against risks associated with web browsing and email;
3.    Malware: to control the download and protect against an attack spreading across the firm infrastructure;
4.    Access control and password management: to control administrative permissions;
5.    File monitoring: to cross-check the alignment between access controls business requirements and an ever-growing file system;
6.    Incident response plan: to implement a set of processes and procedures to rapidly discover, acknowledge, compartmentalise, neutralise and eradicate an attack from the environment.

1 week 5 hours from now - Hong Kong
1 week 1 day from now - Toronto
1 week 3 days from now - Shanghai
Sun, 09/04/2017   - Dubai
Mon, 15/05/2017   - London
IKONIC Fund Services Ltd.
Tue, 29/11/2016 - 12:28
Backstop Solutions Group
Tue, 08/11/2016 - 18:44
The Gemini Companies
Mon, 17/10/2016 - 12:51
other gfm publications