Author Archive
R7-2023
By Adam Reynolds - Last updated: Tuesday, March 21, 2023
Top Seven Risks . . . that small bank Information Security Officers face in 2023! When we present audit reports to boards of directors, we also talk to the board about the top risks the institution is facing. Since 2006, we have been compiling a list of the “top seven risks small institutions are facing,” in […]
The Importance of Pretext Calling
By Adam Reynolds - Last updated: Tuesday, September 13, 2022
It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information. The FDIC and other federal banking agencies […]
R7-2022
By Adam Reynolds - Last updated: Monday, March 21, 2022
Top Seven Risks . . . that small bank Information Security Officers face in 2022! Once again, we compile this list in preparation for updating our normal board of directors awareness training presentation and movies and such. This list is meant for community-based banks but could apply to small businesses. How this works can be illustrated […]
How the New Rule Applies to infotex
By Adam Reynolds - Last updated: Monday, February 21, 2022
(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]
FDIC and OCC Release New Incident Notification Rules
By Adam Reynolds - Last updated: Monday, January 31, 2022
An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Security in a Cloud Computing Environment
By Adam Reynolds - Last updated: Tuesday, June 16, 2020
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
Incident Response Boilerplate Update
By Adam Reynolds - Last updated: Monday, October 15, 2018
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
By Adam Reynolds - Last updated: Monday, August 27, 2018
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]
Top Seven Risks . . . that small bank Information Security Officers face in 2023! When we present audit reports to boards of directors, we also talk to the board about the top risks the institution is facing. Since 2006, we have been compiling a list of the “top seven risks small institutions are facing,” in […]
It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information. The FDIC and other federal banking agencies […]
R7-2022
By Adam Reynolds - Last updated: Monday, March 21, 2022
Top Seven Risks . . . that small bank Information Security Officers face in 2022! Once again, we compile this list in preparation for updating our normal board of directors awareness training presentation and movies and such. This list is meant for community-based banks but could apply to small businesses. How this works can be illustrated […]
How the New Rule Applies to infotex
By Adam Reynolds - Last updated: Monday, February 21, 2022
(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]
FDIC and OCC Release New Incident Notification Rules
By Adam Reynolds - Last updated: Monday, January 31, 2022
An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Security in a Cloud Computing Environment
By Adam Reynolds - Last updated: Tuesday, June 16, 2020
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
Incident Response Boilerplate Update
By Adam Reynolds - Last updated: Monday, October 15, 2018
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
By Adam Reynolds - Last updated: Monday, August 27, 2018
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]
Top Seven Risks . . . that small bank Information Security Officers face in 2022! Once again, we compile this list in preparation for updating our normal board of directors awareness training presentation and movies and such. This list is meant for community-based banks but could apply to small businesses. How this works can be illustrated […]
(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]
FDIC and OCC Release New Incident Notification Rules
By Adam Reynolds - Last updated: Monday, January 31, 2022
An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
By Adam Reynolds - Last updated: Monday, July 26, 2021
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Security in a Cloud Computing Environment
By Adam Reynolds - Last updated: Tuesday, June 16, 2020
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
Incident Response Boilerplate Update
By Adam Reynolds - Last updated: Monday, October 15, 2018
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
By Adam Reynolds - Last updated: Monday, August 27, 2018
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]
An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Security in a Cloud Computing Environment
By Adam Reynolds - Last updated: Tuesday, June 16, 2020
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
Incident Response Boilerplate Update
By Adam Reynolds - Last updated: Monday, October 15, 2018
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
By Adam Reynolds - Last updated: Monday, August 27, 2018
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
By Adam Reynolds - Last updated: Monday, August 27, 2018
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]