83°Partly Cloudy

Morning Notes

Basketball court at Fort Barnard Park (Flickr pool photo by Erinn Shirley)

County to Invest $55 Million in Ballston Mall — Arlington County is planning its first-ever Tax Increment Financing district to help fund the renovations to Ballston Common Mall. Arlington plans to invest $45 million in the mall with its TIF, which will be repaid over time via increased tax revenue from the property. It also plans to make $10 million in transportation improvements, including improvements to the attached county parking garage and the narrowing of Willson Blvd in front of the mall. [Washington Business Journal]

Arlington May Ask for Jefferson Davis Hwy Renaming — Arlington County is considering asking local state legislators to seek a name change for Jefferson Davis Highway in Arlington. Also known as Route 1, the highway is named after the Confederate president thanks to state legislative decree in 1922. A draft of the 2016 Arlington legislative priorities list includes a proposal to rename “the Arlington portion of Jefferson Davis Highway in a way that is respectful to all who live and work along it.” [InsideNova]

Room For Economic Improvement — Arlington County’s building approval process remains cumbersome and overly time consuming, and the county lacks the kind of incentive resources — “weapons” — that other jurisdictions have for economic development. That’s according to Arlington Economic Development Director Victor Hoskins, at a recent panel discussion. [Washington Business Journal]

Per-Student Spending Down — Arlington County’s per-student spending is down to $18,616, from $19,040 last year, according to the Washington Area Board of Education. Arlington still has the highest per-student spending of any suburban Washington school system. [InsideNova]

Flickr pool photo by Erinn Shirley

0 Comments

SEC Cybersecurity Guidance for Investment Managers

Alex ChamandyThe following post is written and sponsored by Alexander G. Chamandy of Envescent, LLC, the IT services provider to ARLnow.com.

In April 2015, the SEC issued a Cybersecurity Guidance update for registered investment companies and investment advisers.

The guidelines provided best practices for mitigating information leakage risks and improving data security. Too often many smaller investment houses may not have knowledgeable staff to implement and manage cybersecurity policies.

The cornerstones of cybersecurity 

The best practices are shaped around four key principles: compartmentalization; encryption; restricting remote access; and, controlling the usage of devices that may compromise internal security. The most critical considerations set forth are:

  • Data encryption: Backups, portable computers, data that flows outside of the company;
  • Network and system firewalls: Both hardware and software firewalls for network endpoints and individual systems;
  • Restricting the use of removable storage media (e.g., flash drives);
  • Deploying software that monitors technology systems for unauthorized intrusions;
  • Network segregation to restrict access; and
  • “System hardening” with the purpose of ensuring individual systems are locked down against attack.

Create a plan and follow through with it

To accomplish these essentials, you need to put in place both a policy and budget for active cybersecurity, consistent with the size and technological complexity of the operation. The basic important thought is that every system, network appliance, server, Internet connection, remote office (and its equipment) as well as portable devices, backups and other areas where data is transmitted or stored will need individual attention by a knowledgeable cybersecurity expert.

Investment managers without the needed internal cybersecurity expertise typically seek help of an outside consultant to deal effectively with this critical issue, and minimize potential exposure. An outside opinion most likely will shed light on overlooked but critical areas – such as the firmware version of a vulnerable network appliance, or remote ports that are exposed which don’t need to be open. These types of “invisible” or ignored issues may lead to large-scale breaches and other maladies.

Staying secure pays off in the long run

The primary goal of the SEC’s cybersecurity guidance is to help set forth a common framework for institutional best practices, casting light on commonly overlooked security flaws and spelling-out common sense steps to address them.

More importantly, however, it is a critical change in the landscape of the our regulatory and legal environment. With all of the recent (and ongoing) breaches — and given what is at stake for investment managers if their systems are hacked — it makes sense to shape and adopt a cybersecurity plan. It makes even more sense to put the plan into action before cybersecurity becomes a problem for your operation.

View the SEC Cybersecurity Guideline Update here: http://www.sec.gov/investment/im-guidance-2015-02.pdf

About the author

Alexander G. Chamandy is a seasoned IT professional with 20 years of industry experience and a lifelong Arlington resident. He has deep expertise helping small businesses with a number of IT issues, including cybersecurity, data recovery, networking, deploying and maintaining servers as well as open source software.

If your small business needs IT supportconsulting or website design contact Envescent, LLC. Our company has helped over 15,000 clients in the Washington, DC area and beyond since 1999.

The views and opinions expressed in the column are those of the author and do not necessarily reflect the views of ARLnow.com.

0 Comments
×

Subscribe to our mailing list