-
Another incident management table-top training exercise
I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises. Here is another one that just occurred a couple of days ago: Test scenario: You receive a subpoena from a government agency requesting financial information on several customers. The subpoena includes names and…
-
FDIC offers “Insight” on Mobile Banking
Although not considered official supervisory guidance, the most recent FDIC Supervisory Insights newsletter offers an instructive early look into how the agency might examine this emerging electronic banking delivery method in the future. (Before you tune out and decide to wait for the formal guidance, remember it was the Winter 2009 issue that first introduced…
-
The “Security Breach” and your Incident Response Program
Last week Wells Fargo said that some of their customers in South Carolina and Florida received portions of other customers’ bank statements in the mail as the result of a printer error. Essentially a printer malfunction caused a portion of another customer’s statement to be appended to the bottom of some printed statements. A…
-
The current single biggest security threat to financial institutions – UPDATE
(UPDATE – Hord Tipton, executive director of (ISC)2, posted recently on the biggest data breaches of the past year. His analysis confirms that “…humans are still at the heart of great security successes – and, unfortunately, great security breaches…The lesson we learn from this year’s breaches is that most of them were avoidable –…
-
Risk Assessing Internet Banking – Two Different Approaches
One of the big “must do” take-aways from the updated FFIEC Authentication Guidance was the requirement for all institutions to conduct risk assessments. Not just prior to implementing electronic banking services, but periodically throughout the relationship if certain factors change, such as: changes in the internal and external threat environment, including those discussed in the…
-
Time to re-think the role of the network administrator?
Traditionally, the network administrator needed to operate at “ground-level”. Network maintenance was highly specialized and problematic, requiring a constant hands-on approach. And in the very early days (when the Guru started… “he who speaks of floppy disks”…) there were few formal training classes; most of what you learned was by trial and error…lots of error!…