Legal Seminar, Chicago, IL

NAIC

• Access controls
• Limit devices accessing core systems
• Restrict physical access
• Encrypt sensitive nonpublic information
• Secure development of in-house applications
• Update systems
• Implement multi-factor authentication
• Regularly test systems
• Verify audit trails
• Prepare backups
• Develop procedures for disposal

Synthesis of Security Requirements

• Board Involvement
• CISO
• Independent Risk Assessment
• Regular Audits
• Ongoing Defense Assessment
• Separation of Duties
