THE Securities and Exchange Commission (SEC) is finalizing a memorandum circular that requires regulated entities to create an information security group.
The SEC requested all concerned entities to comment on the commission’s “guidance for regulated entities on establishing and maintaining a cybersecurity framework.”
In an unnumbered memorandum circular published on the SEC’s website on Wednesday, the commission said it recognizes “that cyber crime is currently the fastest rising economic crime, in line with the findings under the National Policy for 2017-2020.”
The information security group to be created by each regulated entity should be separate and distinct from its existing information technology group, the commission said.
“The primary focus of the information security team is to ensure the confidentiality, integrity, and availability of information in the process of the regulated entity,” it added.
The team will be headed by a chief information security officer, who will also oversee the entire cybersecurity framework of the regulated entity, SEC said.
Among the responsibilities of the team is drafting guidelines that will “dictate certain behavior within the organization pertaining to handling cybersecurity.”
The team will develop a “comprehensive strategy” to enhance the “readiness, capacity, training, recruitment, and retention of the cybersecurity workforce” of the regulated entity. — Arjay L. Balinbin