Basic Stock Market Terminology for CyberSecurity Professionals and Why Should They Care!
June 26, 2022 – Rafeeq Rehman
The role of InfoSec professionals has morphed into a critical business function. One should expect to get involved in “business” discussions often, and at increasingly higher levels of the business structure, up to the board of directors. Understanding and speaking business language is more important than ever for the success of any InfoSec professional.
As mentioned in my last post, I have started building a body of knowledge for Essential Business Knowledge (EBK) needed for Cybersecurity professionals. The first domain in this body of knowledge is “Essential Business Terminology for InfoSec Professionals”. This post covers some of these terms related to stock markets, where to get this information, and why InfoSec professionals should care. The following diagram shows terms only in one category (Stock Market).
Stock Markets
A very large number of information security professionals work in publicly traded companies. Company stakeholders (shareholders/investors, company executives, employees who own company stocks) have a keen interest in the performance of the company in the stock market. They use “stock market language” in business meetings and risk discussions.
Information security professionals should develop a foundational understanding of the stock market to understand these discussions and to become a productive part of the conversation.
Where to get stock market information?
Stock market data is available online from many resources. In the United States, you can get the latest data from one of the following (and many other) resources.
- Yahoo Finance (finance.yahoo.com)
- Google Finance (finance.google.com)
Public and Private Companies
For-profit commercial businesses typically fall into two categories: public and private. Public companies are those which are traded in a stock market where any investor can buy or sell their shares/stocks. Private companies, on the other hand, are owned by a limited number of shareholders and are not traded in the stock market.
Why should infosec professionals care?
- Public companies are required to comply with many laws and regulations which are not applicable to private companies. Infosec professionals working in public companies are often involved in compliance, monitoring, and investigation activities.
Stock Ticker
A ticker is a symbol assigned to each company traded in the stock market. For example, the ticker for Apple Inc. is AAPL, for Cisco it is CSCO, for Palo Alto Networks PAN, and so on. There are usually multiple stock markets in each country, each with its own ticker symbols for the stocks traded on it.
Why should infosec professionals care?
- Stock tickers are commonly used in business conversations. You should know the stock ticker of your own company as well as tickers of major competitors.
- Many APIs are integrated into corporate applications that use stock tickers. Infosec professionals may be engaged in security assessment of applications and APIs.
- Applications used to track public sentiment and breaking news in social media also use ticker symbols. Some security operations centers may be using this information for real time awareness.
Market Capitalization
Market capitalization, also known as market cap, is the total value of a company, calculated by multiplying the stock price by the number of outstanding stocks.
Market capitalization = share/stock price x total number of shares outstanding
- Market cap is a measure of a company’s worth as viewed by investors in the stock market.
- Market capitalization is frequently used to show growth or decline of a company in financial terms.
- Market cap is used to put businesses in categories. For example, companies with market capitalization larger than 10 billion are called large-cap companies.
Why should infosec professionals care?
- Sometimes infosec professionals need market capitalization in risk calculations.
- Impact on market cap after significant data breaches is an important metric.
Initial Public Offering or IPO
Initial public offering, also known as IPO, is the process by which a new company starts trading in a stock market. IPO is a very important event in the life of startup companies. After an IPO, the general public can invest in company stocks.
Investment banks help private companies establish their valuation and take them to the stock market. An IPO establishes the initial market capitalization of a company. A ticker symbol is also assigned at the time of the IPO.
Why should infosec professionals care?
- An IPO is an important milestone for a company.
- Companies may face elevated threat activity at the time of IPO intended to gather and sell financial data.
Insider Trading
Some people inside any company have access to financial information that is not available to the public for trading (buying or selling stocks). Insider trading is when these individuals use or share this information for trading company stocks. Not all insider trading is illegal. There are certain rules that individuals with insider knowledge must follow when trading company stocks. Their trade of company stocks is legal as long as they abide by these rules.
Sharing insider information with outside entities is also a crime, and there are strong penalties, including jail time, for people caught in such activity.
Why should infosec professionals care?
- Some infosec professionals, as part of their investigation work, may get access to financial information not available to the public. In that case they should check with the internal legal/ethics team to understand if insider trading rules apply to them.
- You may be asked to do an investigation (DLP systems, log reviews, etc.) to determine if an individual(s) is involved in insider trading.
- You may be responsible for risk assessment of financial systems and for implementing security controls to limit access.
Securities and Exchange Commission – SEC
The Securities and Exchange Commission, also known as the SEC (sec.gov), is a US government agency with responsibilities to regulate stock markets, ensure fairness, stop illegal insider trading, and investigate cases where it suspects market manipulation.
Why should infosec professionals care?
- For public companies, complying with SEC regulations is crucial. Infosec professionals are usually involved in designing, implementing, and monitoring controls for SEC compliance.
- SEC controls may involve data retention, access to certain data, monitoring communications of individuals and certain roles (e.g. traders).
What About Other Terms?
I know not all of the terms are covered in this post. However, this gives the reader an idea of what to expect when we expand other subcategories, including:
- General Management Terms
- Budgeting and Financing
- Sales and Marketing
- User Experience
- Legal and Compliance
Stay tuned!