The Blue Team Exercise

Enhancing Incident Response… Through real-world Technical Attack Simulations The Blue Team Exercise is a new incident response exercise focused on your technical team, using real-world attack methodologies against your Incident Response Teams and IT assets. A Blue Team is defined by NIST as “the group responsible for defending an enterprise’s use of information systems […]

R7-2024

Top Seven Risks . . . that small bank Information Security Officers face in 2024! We’ve assembled this compilation once more as we gear up to refresh our board of directors’ routine awareness training materials, including presentations and movies. This is designed primarily for community banks, but could apply to small businesses as well. Most […]

OCC Releases New Vendor Management Guidance

. . . to ensure relationships are safe and sound. The Office of the Comptroller of the Currency (OCC) has released the Final Interagency Guidance on Third-Party Relationships, aimed at helping financial institutions effectively manage risks associated when engaging with third-party vendors. The guidance emphasizes the need for comprehensive risk management practices throughout the entire […]

R7-2023

Top Seven Risks . . . that small bank Information Security Officers face in 2023! When we present audit reports to boards of directors, we also talk to the board about the top risks the institution is facing. Since 2006, we have been compiling a list of the “top seven risks small institutions are facing,” in […]

The Importance of Pretext Calling

It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information. The FDIC and other federal banking agencies […]

R7-2022

Top Seven Risks . . . that small bank Information Security Officers face in 2022! Once again, we compile this list in preparation for updating our normal board of directors awareness training presentation and movies and such. This list is meant for community-based banks but could apply to small businesses. How this works can be illustrated […]

How the New Rule Applies to infotex

(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]

FDIC and OCC Release New Incident Notification Rules

An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]

An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet

Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]

Security in a Cloud Computing Environment

An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]