Cybersecurity is an integral part of risk management at Nasdaq. The Information Security Department is responsible for coordinating the protection of our core business operations and information against real-world cyber threats by employing technology, policy, processes, education programs and sound design techniques across the organization.
On an annual basis, the Information Security team reviews and updates its governance documents, including the Information Security Charter, the Information Security Policy, and the Information Security Program Plan, and then presents the revised documents to the Audit & Risk Committee for review and/or approval.
In 2022, an external consultant performed an analysis of Nasdaq’s information security procedures, which included a review of program documentation and an overall maturity assessment of Nasdaq’s information security programs. The findings were presented to the Audit & Risk Committee.