-
2012 Compliance Trends, Part 2 – Vendor Management
In my first post in this series I discussed training (employee and customer) as a good candidate for increased regulatory scrutiny in 2012. Although these posts are in no particular order, I had initially intended to list “Management” as the next trend. However, a comment made to me by a banker at a recent conference…
-
Thankful for…Dodd-Frank?
I made a similar post last year about this time, so I thought I would continue the “Thanks-giving” tradition here…and no, I haven’t completely lost my mind about Dodd-Frank. Let me explain. Over the past year I’ve had the opportunity to give several presentations to various groups on the impact of Dodd-Frank (DFA) on community…
-
Access Rights a frequent finding
In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity. Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls. According to the FFIEC, formal access rights administration for users consists…
-
The “Security Breach” and your Incident Response Program
Last week Wells Fargo said that some of their customers in South Carolina and Florida received portions of other customers’ bank statements in the mail as the result of a printer error. Essentially, a printer malfunction caused a portion of another customer’s statement to be appended to the bottom of some printed statements. A…