Tag: SAR

  • Another incident management table-top training exercise

    I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises.  Here is another one that just occurred a couple of days ago: Test scenario: You receive a subpoena from a government agency requesting financial information on several customers.  The subpoena includes names and…

  • Incident response – to report or not?

    For the purposes of regulator reporting and customer notification, it is critical that we first define an “incident”.  Here is how an incident is defined by the FFIEC:

  • ID Theft and SAR filings

    In the past, authoritative reports on identity theft have used surveys conducted with the general public to collect ID theft related data. However…