Report

Gravitas white paper provides actionable layered strategy for asset management firms

A white paper from Gravitas provides alternative investment companies with a layered cybersecurity strategy including a six-point framework of actionable steps to address a range of cyber-threats head on.

Gravitas is a co-sourcing platform providing portfolio management and risk analytics, research and analytics, operations and information technology services to the alternative investment industry.
 
“The evolving cyber-threat landscape and increased regulatory scrutiny have created tremendous pressure for alternative investment firms as they shore up their IT security,” says Patrick Mullevey, executive director of Systems Integration at Gravitas. “Gravitas has constructed a framework for assessing a firm’s cybersecurity awareness, preparedness and resilience to operational threats and regulatory compliance requirements. Our new white paper outlines a six-point action plan to help firms generate procedures and add required technologies to better protect themselves.”
 
The Gravitas paper, Cybersecurity: How Alternative Investment Companies Manage Operational and Regulatory Risks, recommends that all firms reflect on their existing operations and develop or enhance a cybersecurity strategy designed to protect critical data, systems and applications. An initial operational risk assessment quickly determines the current level of risk inside a firm and is outlined in the white paper.
 
Creating and implementing a layered cybersecurity strategy is based on the concept that any one point of protection can, and will be, penetrated. While there are multiple layers to a cybersecurity approach, there are six types of layers upon which to focus in order to mitigate the potential risk for each one:
 
1.    Physical security: to protect the hardware, networks and data from a material breach, including protection from fire, power, disgruntled employees and terrorism;
2.    Network security: to protect against risks associated with web browsing and email;
3.    Malware: to control the download and protect against an attack spreading across the firm infrastructure;
4.    Access control and password management: to control administrative permissions;
5.    File monitoring: to cross-check the alignment between access controls, business requirements and an ever-growing file system;
6.    Incident response plan: to implement a set of processes and procedures to rapidly discover, acknowledge, compartmentalise, neutralise and eradicate an attack from the environment.
