OCC Releases New Vendor Management Guidance
. . . to ensure relationships are safe and sound. The Office of the Comptroller of the Currency (OCC) has released the Final Interagency Guidance on Third-Party Relationships, aimed at helping financial institutions effectively manage the risks associated with engaging third-party vendors. The guidance emphasizes the need for comprehensive risk management practices throughout the entire […]
R7-2023
Top Seven Risks . . . that small bank Information Security Officers face in 2023! When we present audit reports to boards of directors, we also talk to the board about the top risks the institution is facing. Since 2006, we have been compiling a list of the “top seven risks small institutions are facing,” in […]
The Importance of Pretext Calling
It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information. The FDIC and other federal banking agencies […]
R7-2022
Top Seven Risks . . . that small bank Information Security Officers face in 2022! Once again, we compile this list in preparation for updating our normal board of directors awareness training presentation and movies and such. This list is meant for community-based banks but could apply to small businesses. How this works can be illustrated […]
How the New Rule Applies to infotex
(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]
FDIC and OCC Release New Incident Notification Rules
An update to your Incident Response and Business Continuity Plans will be required . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]
Security in a Cloud Computing Environment
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC released their “Joint Statement on Risk Management for Cloud Computing Services” as an update to their 2012 statement “Outsourced Cloud Computing.” The 2012 statement was a short, four-page document that addressed the key elements of outsourced cloud computing as identified in […]
Incident Response Boilerplate Update
We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. At infotex we are always revising and updating our boilerplates. We have recently made a significant change to our Incident Response Policy regarding Disclosure Incidents. It is of course very important to comply with all applicable laws and regulations, but […]
Succession Planning Governance
What the FFIEC has to say about succession planning for members of the IT Governance process… We have been hearing about examination findings requiring Clients to create a succession plan for key members of the IT Governance process. Dan asked me to update our research on this issue and, as a byproduct, I have produced […]