Archive for 'Compliance' Category
Adam Reads: The “36 Hour Rule” Guidance Summary
A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]
Cyberattack Reporting Comes To More Businesses
New legislation would require businesses in several new sectors to report cyberattacks within 72 hours… An article review. Following a number of recent high-profile incidents, and as fears of a Russian cyberattack grow, the Senate passed legislation that would require companies in more industries to report cyber incidents to federal regulators. Among the businesses targeted […]
My Take on the 36 Hour Rule
It doesn’t cover us. . . . . . but we’ll agree to it anyway. Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . I thought I’d write a quick DNL about the new 36 hour rule. It’s due in May, so I am not […]
The Importance of Proper Multi-Factor Authentication (MFA) in 2022
Not just because it is becoming an issue of compliance. . . We all know the plot of your typical heist movie – a group of robbers seeks out special bits of information, such as PINs, keycards, fobs, and even biometrics, all to relentlessly gain entry to a secured vault. These vaults use several […]
How the New Rule Applies to infotex
(It does not) But it’s “crazy complicated and seemingly circular.” A new article meant to inspire thought about IT Governance… Note: You can read the article where Adam discussed the rule itself here: FDIC and OCC Release New Incident Notification Rules. The new interagency Computer-Security Incident Notification Requirements rule includes requirements not only for banking organizations, […]
FDIC and OCC Release New Incident Notification Rules
An update to your Incident Response and Business Continuity Plans will be required . . . . . . but will not replace any previous rules! A new article meant to inspire thought about IT Governance… Note: We have included a copy of the publication for your full review at the end of the article. Click […]
Technology Planning and Your First AIO Plan Webinar-Movie
The FFIEC’s latest guidance, Architecture, Infrastructure, and Operations, has brought many changes to exactly how a small financial institution may look at its Technology Planning for 2022. Included in that will be the opportunity to write your first Architecture Plan and we intend to show you what may be involved in that! Have any […]
The AIO’s Impact on Technology Planning Movie
Dan is joined by a Panel to discuss the FFIEC’s New AIO Guidance and how it may impact Technology Planning in the future.
Data Breach Laws: A State-by-State Framework
What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts. Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]
An Overview of the FFIEC Architecture, Infrastructure, and Operations Booklet
Our Lead Non-Technical Auditor takes a look at the new AIO Guidance… Architecture, Infrastructure, and Operations (AIO) is the latest booklet released by the Federal Financial Institutions Examination Council (FFIEC) in their line of IT Examination Handbooks. It is an update to their 2004 Operations booklet and, as the name implies, expands into the areas […]