-
Incident Response guidance – UPDATE
UPDATE – The National Institute of Standards and Technology (NIST) has just released an update to its Computer Security Incident Handling Guide (SP 800-61). The guide contains very prescriptive guidance that can be used to frame, or enhance, your incident response plan. It also contains a very useful incident response checklist on page 42. I’ve…
-
FDIC Supervisory Letter Issued on Critical Service Provider
(NOTE: Although the vendor in question has been publicized by the NCUA, I will not name it here because it is not relevant. If you currently contract with the vendor you know who it is, and you need to know how to respond to the letter. If you don’t, you’ll need to know how to…
-
Bank Directors and Officers targeted in 2011
The final numbers are in for 2011, and it was a record year for Director and Officer (D&O) lawsuits by the FDIC. In 2011 alone, 264 defendants were named in FDIC lawsuits. To put that in perspective, that’s more than twice the number sued in the previous 2 years combined. Some of the most frequently…
-
Access Rights a frequent finding
In reviewing recent audit and examination findings, the issue of access rights and permissions is coming up with increasing regularity. Making sure that end-users have no more access rights than absolutely necessary to do their job is one of the best information security controls. According to the FFIEC, formal access rights administration for users consists…
-
FDIC Sues Bank Directors (again)
On June 19, 2009, Cooperative Bank in Wilmington, NC, was closed by the North Carolina Commissioner of Banks and the FDIC. Federal banking regulators are now suing Cooperative Bank’s chairman and eight members of the board of directors for more than $145 million for negligence and breaches of fiduciary duty. One of the FDIC’s assertions…