Digital Assets Report

Gravitas white paper provides actionable layered strategy for asset management firms

A white paper from Gravitas provides alternative investment companies with a layered cybersecurity strategy including a six-point framework of actionable steps to address a range of cyber-threats head on.

Gravitas is a co-sourcing platform providing portfolio management and risk analytics, research and analytics, operations and information technology services to the alternative investment industry.
 
“The evolving cyber-threat landscape and increased regulatory scrutiny have created tremendous pressure for alternative investment firms as they shore up their IT security,” says Patrick Mullevey, executive director of Systems Integration at Gravitas. “Gravitas has constructed a framework for assessing a firm’s cybersecurity awareness, preparedness and resilience to operational threats and regulatory compliance requirements. Our new white paper outlines a six-point action plan to help firms generate procedures and add required technologies to better protect themselves.”
 
The Gravitas paper – Cybersecurity: How Alternative Investment Companies Manage Operational and Regulatory Risks – recommends that all firms reflect on their existing operations and develop or enhance a cybersecurity strategy designed to protect critical data, systems and applications. An initial operational risk assessment quickly determines the current level of risk inside a firm and is outlined in the white paper. 
 
Creating and implementing a layered cybersecurity strategy is based on the concept that any one point of protection can, and will be, penetrated. While there are multiple layers to a cybersecurity approach, there are six types of layers upon which to focus in order to mitigate the potential risk for each one:
 
1. Physical security: to protect the hardware, networks and data from a material breach, including protection from fire, power, disgruntled employees and terrorism;
2. Network security: to protect against risks associated with web browsing and email;
3. Malware: to control the download and protect against an attack spreading across the firm infrastructure;
4. Access control and password management: to control administrative permissions;
5. File monitoring: to cross-check the alignment between access controls, business requirements and an ever-growing file system;
6. Incident response plan: to implement a set of processes and procedures to rapidly discover, acknowledge, compartmentalise, neutralise and eradicate an attack from the environment.
