A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]

New legislation would require businesses in several new sectors to report cyberattacks within 72 hours… An article review. Following a number of recent high-profile incidents, and as fears of a Russian cyberattack grow, the Senate passed legislation that would require companies in more industries to report cyber incidents to federal regulators.  Among the businesses targeted […]

It doesn’t cover us. . . . . . but we’ll agree to it anyway. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I thought I’d write a quick DNL about the new 36 hour rule.  It’s due in May, so I am not […]

Not just because it is becoming an issue of compliance. . . We all know the plot of your typical heist movie – a group of robbers seeks out special bits of information, such as PIN numbers, keycards, FOBs, and even biometrics, all to relentlessly gain entry to a secured vault. These vaults use several […]

(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]

An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]

The FFIEC’s latest guidance: The Architecture, Infrastructure, and Operations, has brought many changes to exactly how a small financial institution may look at their Technology Planning for 2022. Included in that will be the opportunity to write your first Architecture Plan and we intend to show you what may be involved in that! Have any […]

Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.

What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts.  Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]

Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of  IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]