Hedge Fund COO requires a Cyber Preparedness Review

Background

The COO of a 30-person Hedge Fund invited Remora to perform a Risk Assessment. Despite tight governance processes, good relations with an efficient IT service provider, and having already implemented many cyber best-practice controls, he wanted a third-party review of the current environment to showcase to investors.

Services performed

  • Our ISO27001-NIST based Risk Assessment
  • A Guidance Plan to manage the implementation of our Risk Assessment recommendations
  • Security awareness training for all employees

Time Taken: 6 days

Observations and Approach

The culture of the firm and its management significantly assisted the audit process.

Whilst the firm had made great efforts to implement a robust cyber defence, there were still gaps in their framework that needed addressing.

The firm’s proprietary data gave them a significant competitive advantage, so we were asked to pay particular attention to it during our assessment process.

We helped the client to:

  • identify their Intellectual Property (IP) and the best storage regime for that IP;
  • improve processes for staff access based on their roles and responsibilities;
  • assess and implement technology options to safeguard the company data.

Deliverables and Conclusions

We presented to management our 30-page Risk Assessment report containing our key findings and 45 recommendations, and outlined our Project Plan for the IT Service Provider.

Our work ultimately led to:

  • Appropriate controls put in place to better manage the IT infrastructure
  • A revision of the firm’s Policies & Procedures documentation with Compliance and HR departments
  • Improved awareness of Cyber Security best practices across the business
  • The CEO removing personal email access from his office PC and incorporating corporate policy on his mobile device
  • The Risk Assessment satisfying an investor request as part of an ongoing Due Diligence process