Indiana Code 28-10-3-2: What It Means for Community Financial Institutions

A New Law… A new Indiana law passed last year flew under our radar, but it has important implications for most of our Clients. Indiana Code 28-10-3-2 introduced new state reporting requirements for Indiana financial institutions: it requires a “corporation” (defined below) to notify the DFI’s director of a reportable cyber incident or notification incident […]

CISA CPG as a CAT Alternative

Exploring another CAT Alternative… To get out in front of change. As we should all know at this time, financial institutions are faced with selecting a replacement framework that can help them continue to manage cyber risk effectively.  The FFIEC’s sunsetting statement named four possible alternatives: the NIST Cybersecurity Framework 2.0, the CRI Profile 2.0, […]

NIST CSF 2.0 as a CAT Alternative

CAT Alternatives… To get out in front of change. As of the date of publication, the Cybersecurity Assessment Tool (CAT) is less than one month away from being officially sunset, meaning we have been discussing the CAT’s retirement for almost a year.  We previously published articles looking at the CRI Profile v2.0 and CIS Critical […]

CFPB Rule 1033: What Community Banks Need to Know

Community Banks and Customer Trust Data Drama The Consumer Financial Protection Bureau’s (CFPB) Rule 1033, originating from Section 1033 of the Dodd-Frank Act, is set to change how financial data is accessed and shared by financial institutions over the next five years.  CFPB Rule 1033 establishes a consumer’s legal right to access their financial data […]

The CIS Critical Security Controls as a CAT Alternative

Exploring another CAT Alternative To get out in front of change. As the date of the FFIEC’s CAT retirement keeps drawing nearer, we want to discuss the different options there are to replace it. The retirement means we will need to select a new tool to identify cybersecurity risks and assess our cybersecurity preparedness. Managing […]

R7 – The Top 7 Cyber Risks of 2025

Top Seven Risks . . . that small bank Information Security Officers face in 2025! We’ve assembled this compilation of cyber risks of 2025, as we have for the past several years, as we gear up to refresh our board of directors’ routine awareness training materials, including presentations and movies.  This is designed primarily for […]

Replacing the Cybersecurity Awareness Tool

CAT Alternatives… To get out in front of change. On August 29th, the Federal Financial Institutions Examination Council (FFIEC) officially announced the sunsetting of the Cybersecurity Assessment Tool (CAT).  The CAT, introduced by the FFIEC in 2015, has served as a critical framework for financial institutions to assess their cybersecurity readiness. The tool provided a […]

The Blue Team Exercise

Enhancing Incident Response… … Through real-world Technical Attack Simulations The Blue Team Exercise is a new incident response exercise focused on your technical team, using real-world attack methodologies against your Incident Response Teams and IT assets. A Blue Team is defined by NIST as “the group responsible for defending an enterprise’s use of information systems […]

R7-2024

Top Seven Risks . . . that small bank Information Security Officers face in 2024! We’ve assembled this compilation once more as we gear up to refresh our board of directors’ routine awareness training materials, including presentations and movies.  This is designed primarily for community banks, but could apply to small businesses as well.  Most […]

OCC Releases New Vendor Management Guidance

. . . to ensure relationships are safe and sound. The Office of the Comptroller of the Currency (OCC) has released the Final Interagency Guidance on Third-Party Relationships, aimed at helping financial institutions effectively manage risks associated with engaging third-party vendors. The guidance emphasizes the need for comprehensive risk management practices throughout the entire […]