-
Risk Managing BYOD (bring your own device)
Thanks in part to social media, users today often don’t differentiate between work and non-work activities, and they certainly don’t want to have to carry multiple work/non-work devices to keep them connected. As a result, new multi-function, multi-purpose mobile devices are constantly being added to your secure financial institution network…and often in violation of your…
-
The single most important vendor management control
Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services… “The ________ is the single most important control in the outsourcing process”: Initial due diligence process; Review of third-party audit reports; Contract; Risk Assessment; Vendor’s financial stability. I’ve written before about the importance of the third-party review in the ongoing vendor management process (and how…
-
NIST releases new Cloud Computing Guidelines
Although not specific to the financial industry, the new guidelines provide a comprehensive overview of the privacy and security challenges of this increasingly popular computing model. It’s worth a look by both financial institutions considering cloud-based services and service providers, because NIST guidelines often wind up as the basis for new or updated…
-
2012 Compliance Trends, Part 5 – Uncertainty (UPDATE)
Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend: Uncertainty about future regulatory changes, and Uncertainty about the interpretation of existing regulations.
-
Another incident management table-top training exercise
I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises. Here is another one that just occurred a couple of days ago: Test scenario: You receive a subpoena from a government agency requesting financial information on several customers. The subpoena includes names and…
-
FDIC offers “Insight” on Mobile Banking
Although not considered official supervisory guidance, the most recent FDIC Supervisory Insights newsletter offers an instructive early look into how the agency might examine this emerging electronic banking delivery method in the future. (Before you tune out and decide to wait for the formal guidance, remember it was the Winter 2009 issue that first introduced…