-
Thankful for…Appendix A?!
When you were a kid, you hated the pop quiz, right? But if the teacher let you use your notes and textbook, you felt you at least had a fighting chance. I've taken both proctored and open-book certification exams, and I've always felt that open-book exams more accurately reflect how most of…
-
Mobile devices and information security
The key to addressing the risk of mobile devices is to think of them as functionally equivalent to a PC (with all the information security risks…
-
Dodd-Frank and agency consolidation
Although the specific requirements and burdens of the almost 250 regulations and more than 2000 pages in the Dodd-Frank Act are yet to…
-
The FFIEC Handbooks and the SAS 70
I've written about the 6/15/2011 phase-out of the SAS 70 report in favor of the SSAE 16 series (SOC 1, SOC 2, SOC 3) here and here. The AICPA isn't expected to update its audit guide until sometime early next year, but financial institutions are anxious for the FFIEC to comment, as the SAS 70…
-
The 5 trickiest FDIC IT examination questions (part 5)
In my last post, I asked you to weigh in on what question you wanted me to address in this final post of the series. This one came from a bank that was in the process of actually filling out the questionnaire, and it’s a good one. It’s found in the Vendor Management section: “Has…
-
Interview with head of FDIC IT examinations
In an interview at bankinfosecurity.com, Don Saxinger, head of FDIC IT examiner oversight, addresses vendor management. Here is my summary of that interview: