Category: Hot Topics

  • .Bank or .Bust? New Top Level Domain Promises Increased Security (and Plenty of Questions)

    Bankers are being encouraged to register their domain names under the new .bank extension, and although there are reasons to consider making the switch, there are also many questions to answer.  Registration is currently open for institutions with a trademarked domain name.  Open registration begins June 23. First of all, the regulators have not offered an…

  • FFIEC Issues Stealth Update to BCP Handbook

    This caught me by surprise as it was not formally announced in the “What’s New” section, but the Appendix J update to the Business Continuity Planning Handbook apparently constituted a complete update to the Handbook.  Here is what the press release said in part: The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised…

  • FFIEC Issues 2 Statements on Cybersecurity

    Both statements address recent cybersecurity threats; one targeting online credentials (passwords, usernames, e-mail addresses that may be used by employees or customers to authenticate themselves), and one addressing destructive malware.  The statements advise specific risk mitigation steps institutions should consider, and I thought it would be instructive to compare the steps to see which are common to…

  • FFIEC Issues Update to Business Continuity Guidance

    The FFIEC just issued new BCP Guidance in the form of a 16-page addendum to the existing 2008 IT Handbook on Business Continuity Planning. It is titled “Appendix J: Strengthening the Resilience of Outsourced Technology Services”, and it has significant implications for both financial institutions and service providers, and across the entire business relationship…

  • Vendor Management in 3 Parts. Part 3 – Risk Management (or, “can we or can’t we?”)

    The last step in the vendor management process is to manage, or control, the risk that was identified in step 1, and assessed (as inherent risk) in step 2.  Controlling risk is defined as applying risk mitigation techniques (or “controls”) to reduce risk to acceptable levels.  It’s important to understand that risk can never be completely eliminated,…

  • Vendor Management in 3 Parts. Part 2 – Risk Assessment (or, “will they or won’t they?”)

    In Part 1 I said that vendor management, just as any other risk management endeavor, consists of 3 basic phases: Identify the risk, Assess the risk, and Control the risk. I also discussed why risk identification was a more difficult task today because of the “access to data” question, and also because “data” includes not just NPI, but confidential…