Category: Hot Topics

  • Windows XP and Vendor Management

    The FFIEC issued a joint statement recently regarding Microsoft’s discontinuation of support for Windows XP.  The statement requires financial institutions to identify, assess, and manage the risks of these devices in their institutions after April 8, 2014.   After this date Microsoft will no longer provide regular security patches or support for this product, potentially leaving…

  • Data Classification and the Cloud

    UPDATE –  In response to the reluctance of financial institutions to adopt cloud storage, vendors such as Microsoft and HP have announced that they are building “hybrid” clouds.  These new models are designed to allow institutions to simultaneously store and process certain data in the cloud, while a portion of the processing or storage is done…

  • Critical Controls for Effective Cyber Defense – Converging Standards?

    Earlier this year the SANS Institute issued a document titled “Critical Controls for Effective Cyber Defense”.  Although not specific to financial institutions, it provides a useful prescriptive framework for any institution looking to defend their networks and systems from internal and external threats.  The document lists the top 20 controls institutions should use to prevent…

  • Incident Response in an Outsourced World

    UPDATE – On June 6th the FFIEC formed the Cybersecurity and Critical Infrastructure Working Group, designed to enhance communications between and among the FFIEC member agencies as well as other key financial industry committees and councils.  The goal of this group will undoubtedly be to increase the defense and resiliency of financial institutions to cyber…

  • The Financial Institutions Examination Fairness and Reform Act – Redux

    This new bill (H.R. 1553) introduced on April 15th is actually a word-for-word duplicate of H.R. 3461 which I wrote about here.   The previous bill died in committee, but H.R. 1553 has a few more sponsors.  Now, I know what you are thinking…that there is no such thing as “good” regulation.   But bear with…

  • Court rules in favor of Bank in account takeover case

    Unlike the PATCO ruling, a district court in Missouri has ruled in favor of the bank in an account takeover case brought by one of its commercial customers.  This case was very similar to the PATCO case with one important exception, which I’ll discuss shortly.  But it also raises some interesting questions that could impact…