The Council’s members met last week to discuss their response to the growing crisis… An article review. As the COVID-19 crisis deepens, many industries have been facing delays and disruptions.  The FFIEC acknowledged those disruptions in a press release last Wednesday, where they announced a 30-day extension to their quarterly Call Report deadline. The Council, […]

As reports of Coronavirus spread, the agency has updated its 2007 guidance… An article review. As what began as a few isolated incidents late last year have bloomed into a what some are calling a pandemic, fears of Coronavirus (also known as COVID-19) have spread into nearly all sectors…and banking is no exception. In light […]

What do you need to be compliant in your state? An article review. One subprocess to incident response many of our banking Clients are currently wrestling with is how to address customers living in “other states.” If we’re on the border between Indiana and Ohio, we already know the laws of these two states and […]

The California Consumer Privacy Act is here, but its impact remains unclear… An article review. On January 1st a new consumer privacy law went into effect in California, and while some are calling it “California’s GDPR,” the impact of the new legislation remains unclear. The new law, detailed in an article submitted to us by […]

New Guidance On Business Continuity Is Now Available… An article review. As part of a continuing effort to remain up-to-date as technology evolves, the FFIEC has announced the first updates to their guidance on business continuity management since 2015. The new Business Continuity Management Booklet is available now and describes “principles and practices for information […]

Four out of five schools have experienced a cybersecurity incident… An article review. While it seems like these days every organization faces cybersecurity threats, as we’ve pointed out in the past schools are an increasingly attractive target to hackers—and a new audit carried out by the cybersecurity wing of the UK’s Government Communications Headquarters (GCHQ) […]

These tools will help you assess and improve your cybersecurity preparedness… An article review. If you’re a regular reader of our blog, you know that we think cybersecurity training and the tools that go along with it are vitally important to any organization that relies upon computers—which is pretty much everyone, now. The Federal Financial […]

Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . For all the same reasons a board of directors would want to establish a risk appetite statement on loan risk or other major risk categories, the 2015 Cybersecurity Assessment Tool gave us the ability to establish […]

Password expiration rules can create more problems than they solve… An article review. Passwords, it seems, are a lot like diets. They’re often necessary, but no one really wants to have to deal with them–and we’re always looking for the next trick to make the process easier. And just like there’s always a new diet […]

Known to be vulnerable since 2005, the algorithm will be phased out over the next several months… An article review. Things can move slowly in the world of cryptography, and for evidence of that one needs to look no further than SHA-1–the hash algorithm introduced in 1995, found to be vulnerable to attack in 2005 […]