Author: Tom Hinkel

  • “Concentration of duties”

    It is not unusual for a community financial institution with limited personnel to have the Information Security Officer (ISO) act as a backup network administrator.  In fact, this is a relatively common practice in an environment where key personnel will typically wear several hats.  And there are practical reasons for this; the ISO is typically…

  • The Control Self-Assessment (CSA)

    If there was a process that was mentioned 43 times in 7 of the 12 FFIEC IT Examination Handbooks, (including 12 times in the Information Security Handbook alone!), would you consider implementing it?  How about if it virtually assured better audits and examinations?  OK, you’re interested, but the last thing you need is to implement…

  • The RSA breach, and 5 things you should do

    For those of us already waiting for the latest update on guidance from the FFIEC on Internet Authentication, the news of the recent RSA SecurID breach complicates things a bit. One-time password (OTP) hardware devices (tokens…

  • IT Composite Ratings: 1 vs. 2

    In a recent survey conducted with our customers, we asked them to tell us (anonymously) what their FDIC IT composite scores were after their last IT examination, and whether those scores increased (got worse), or decreased (got better).  The average score was 1.8 on the 5 point scale.  Of course the results could be attributed…

  • Risk Managing Social Media – 4 Challenges

    Twitter, LinkedIn, Facebook, Google+…the decision to establish an on-line presence is a very popular topic these days, and it is extremely easy to do, but effectively managing social media risk can be frustratingly complicated.  In many ways. it just doesn’t lend itself to traditional risk management techniques, so the standard pre-entry justification process is much…

  • Auditor rotation – pro and con

    The practice of periodically changing, or rotating, your external auditor has been a topic of interest with our customers lately, and there are two schools of thought on this. The pro-rotation side takes the position that a different set of eyes…