ICI Mutual Publications:
- ICI MUTUAL, RISK MANAGEMENT IN THE DIGITAL AGE: MOBILE COMPUTING, CLOUD COMPUTING AND SOCIAL MEDIA (2012), available at http://www.icimutual.com/system/files/RiskManagementInTheDigitalAge.pdf.
- ICI MUTUAL, THE TWO FACES OF IDENTITY THEFT: OF DATA AND DOLLARS (2006), available at http://www.icimutual.com/system/files/The%20Two%20Faces%20of%20Identity%20Theft.pdf.
- ICI MUTUAL, COMPUTER SECURITY LITE: HALF THE JARGON OF REGULAR COMPUTER SECURITY (A GUIDE FOR MANAGEMENT) (2003), available at http://www.icimutual.com/system/files/Computer%20Security%20Lite.pdf.
General Guidance from Government Agencies:
- NIST, FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY (Feb. 12, 2014), http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf.
- NIST, DEP’T OF COMMERCE, SPECIAL PUBL’N NO. 800-63-2, ELECTRONIC AUTHENTICATION GUIDELINE (Aug. 2013), http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf.
- NIST, DEP’T OF COMMERCE, SPECIAL PUBL’N NO. 800-118, GUIDE TO ENTERPRISE PASSWORD MANAGEMENT (DRAFT) (Aug. 2009), http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf.
- NIST, DEP’T OF COMMERCE, SPECIAL PUBL’N NO. 800-76-2, BIOMETRIC SPECIFICATIONS FOR PERSONAL IDENTITY VERIFICATION (Jul. 2013), http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-76-2.pdf.
- NIST, Electronic Authentication: Guidance For Selecting Secure Techniques, http://www.itl.nist.gov/lab/bulletns/bltnaug04.htm.
- Internal Revenue Service, Dep’t of the Treasury, Safeguards Technical Assistance Memorandum: Multi-Factor Authentication Implementation (June 2013), http://www.irs.gov/file_source/pub/irs-utl/safeguards-multi-factor-auth-alert.doc.
- FFIEC, Authentication in an Internet Banking Environment (Oct. 12, 2005), http://www.ffiec.gov/pdf/authentication_guidance.pdf.
- FFIEC, Supplement to Authentication in an Internet Banking Environment (June 29, 2011), http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf.
Securities Regulators:
- SEC, Division of Investment Management, IM Guidance Update: Cybersecurity Guidance, No. 2015-02 (Apr. 2014), http://www.sec.gov/investment/im-guidance-2015-02.pdf.
- SEC, OCIE, National Exam Program Risk Alert: OCIE Cybersecurity Initiative (Apr. 15, 2014), http://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf.
- SEC, OCIE, National Exam Program Risk Alert: Cybersecurity Examination Sweep Summary (Feb. 3, 2015), http://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf.
- SEC, Dep’t of the Treasury, and Financial Crimes Enforcement Network, Joint Final Rule: Customer Identification Programs for Mutual Funds, 40 Act Rel. No. 26031 (Apr. 29, 2003), https://www.sec.gov/rules/final/ic-26031.htm.
- FINRA, Customer Account Protection: Verification of Emailed Instructions to Transmit or Withdraw Assets from Customer Accounts (Jan. 2012), http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p125462.pdf.
- FINRA, Report on Cybersecurity Practices (Feb. 2015), http://www.finra.org/web/groups/industry/@ip/@reg/@guide/documents/industry/p602363.pdf.