99久久国产精品综合色,国产精品宅男在线观看,福利久久香蕉小视频,久久精品亚洲综合一品

       

       

       

       

       

      Page 28 - 期貨和衍生品行業(yè)監管動(dòng)態(tài)(2024年5月)
      P. 28

      期貨和衍生品行業(yè)監管動(dòng)態(tài)
      
      
      
      
                         was potentially impacted by a system intrusion involving a previously unknown
      
                         vulnerability in ICE’s virtual private network (VPN). ICE investigated and was
      
                         immediately able to determine that a threat actor had inserted malicious code into a
      
                         VPN device used to remotely access ICE’s corporate network. However, the SEC’s
      
                         order finds that ICE personnel did not notify the legal and compliance officials at
      
                         ICE’s subsidiaries of the intrusion for several days in violation of ICE’s own internal
      
                         cyber incident reporting procedures. As a result of ICE’s failures, those subsidiaries
      
                         did not properly assess the intrusion to fulfill their independent regulatory disclosure
      
                         obligations under Regulation SCI, which required them to immediately contact SEC
      
                         staff about the intrusion and provide an update within 24 hours unless they
      
                         immediately concluded or reasonably estimated that the intrusion had or would have
      
                         no or a de minimis impact on their operations or on market participants.
      
      
                              “The respondents in today’s enforcement action include the world’s largest stock
      
                         exchange and a number of other prominent intermediaries that, given their roles in our
      
                         markets, are subject to strict reporting requirements when they experience cyber
      
                         events. Under Reg SCI, they have to immediately notify the SEC of cyber intrusions
      
                         into relevant systems that they cannot reasonably estimate to be de miminis events
      
                         right away. The reasoning behind the rule is simple: if the SEC receives multiple
      
      
                         reports across a number of these types of entities, then it can take swift steps to
      
                         protect markets and investors,” said Gurbir S. Grewal, Director of the SEC’s Division
      
                         of Enforcement. “Here, the respondents subject to Reg SCI failed to notify the SEC of
      
                         the intrusion at issue as required. Rather, it was Commission staff that contacted the
      
                         respondents in the process of assessing reports of similar cyber vulnerabilities. As
      
                         alleged in the order, they instead took four days to assess its impact and internally
      
                         conclude it was a de minimis event. When it comes to cybersecurity, especially events
      
                         at critical market intermediaries, every second counts and four days can be an eternity.
      
                         Today’s order and penalty not only reflect the seriousness of the respondents’
      
                         violations, but also that several of them have been the subject of a number of prior
      
      
      
                                                                   18
         23   24   25   26   27   28   29   30   31   32   33