-
BYOD Redux – The Policy Dilemma (Part 1)
Employee-owned mobile devices are everywhere, and they’re being used for everything from email to document storage and editing. Proper risk management procedures are defined in your policies, but do you need a separate mobile device policy, or can you simply mention them in the same policy sections that address other portable devices? Or is there…
-
Customer Awareness Education – 3 reasons it should now be a top priority (and how to address it)
By now everyone has at the very least completed their electronic banking risk assessment, and most institutions have probably gotten feedback from their primary examiner on their progress. So what’s next? Where should you focus your time and resources now? Or should you just wait to see where the regulators go next? Here are 3…
-
NIST Incident Response Guidance released
UPDATE – The National Institute of Standards and Technology (NIST) has just released an update to their Computer Security Incident Handling Guide (SP 800-61). The guide contains very prescriptive guidance that can be used to frame, or enhance, your incident response plan. It also contains a very useful incident response checklist on page 42. I’ve…
-
Incident Response guidance – UPDATE
UPDATE – The National Institute of Standards and Technology (NIST) has just released an update to their Computer Security Incident Handling Guide (SP 800-61). The guide contains very prescriptive guidance that can be used to frame, or enhance, your incident response plan. It also contains a very useful incident response checklist on page 42. I’ve…
-
7 Cloud Vendor Deal Breakers for Financial Institutions
With all the recent focus on vendor management in general, and cloud vendors in particular, there has been a lot of discussion about changing regulatory requirements and best practices. For the most part, cloud vendors must adhere to the same due diligence, contract, and monitoring guidelines as any other vendor. However, there are a few…
-
Risk Assessing iCloud (and other online backups) – UPDATE 2, DropBox
Update 2 (8/2012) – Cloud-based storage vendor DropBox confirmed recently that a stolen employee password led to the theft of a “project document” that contained user e-mail addresses. Those addresses were then used to SPAM DropBox users. The password itself was not stolen directly from the DropBox site, but from another site the employee used. …