-
7 Cloud Vendor Deal Breakers for Financial Institutions
With all the recent focus on vendor management in general, and cloud vendors in particular, there has been a lot of discussion about changing regulatory requirements and best practices. For the most part, cloud vendors must adhere to the same due diligence, contract, and monitoring guidelines as any other vendor. However, there are a few…
-
Risk Assessing iCloud (and other online backups) – UPDATE 2, DropBox
Update 2 (8/2012) – Cloud-based storage vendor DropBox confirmed recently that a stolen employee password led to the theft of a “project document” that contained user e-mail addresses. Those addresses were then used to SPAM DropBox users. The password itself was not stolen directly from the DropBox site, but from another site the employee used. …
-
Commercially UNreasonable Security
So an appellate court has just reversed the PATCO court ruling, essentially deciding against the financial institution. They ruled that the banks’ security procedures were commercially UN-reasonable.
-
“Operational Risk Increasing”
In a recent speech to the Exchequer Club, Thomas J. Curry, the new head of the OCC, stated that although asset quality has improved, charge-off rates have fallen, and capital now stands at its highest level in a decade, another type of risk is gaining increasing prominence: Operational Risk. “Some of our most seasoned supervisors,…
-
FDIC Supervisory Letter Issued on Critical Service Provider
(NOTE: Although the vendor in question has been publicized by the NCUA, I will not name it here because it is not relevant. If you currently contract with the vendor you know who it is, and you need to know how to respond to the letter. If you don’t, you’ll need to know how to…
-
FFIEC Handbook Update – SAS 70 Transition
The FFIEC has just updated their online IT Examination InfoBase to address the AICPA phase-out of the SAS 70 reporting format. All references to “SAS 70” have now been replaced, and the SAS 70 sections of the Audit and Information Security Handbooks have been completely removed. Previously there were a total of 31 references to…