Tag: cybersecurity

  • UPDATE – New Proposed Cyber Incident Notification Rules Finalized

    Last updated March 30, 2022. Currently, financial institutions are required to report a cyber event to their primary federal regulator under very specific circumstances. This requirement dates back to GLBA, Appendix B to Part 364, and states that FI incident response plans (IRPs) should contain procedures for: “Notifying its primary Federal regulator as soon as…

  • A Look Back at 2020 and a Look Ahead to 2021: A Regulatory Compliance Update

    From SafeSystems.com/Safe-Systems-Blog: Safe Systems recently published a two-part regulatory compliance blog series that looked back at 2020 and ahead to 2021. In Part 1, we explored how regulations related to the pandemic dominated the compliance landscape early in 2020, forcing financial institutions to make adjustments to their procedures and practices on the fly. In Part…

  • Can We Apply Similar Controls to Satisfy Both GLBA and GDPR?

    Hey Guru! Are the Gramm–Leach–Bliley Act (GLBA) and the General Data Protection Regulation (GDPR) similar enough to apply the same or equivalent set of layered controls? My understanding is that GDPR has placed a higher premium on the protection of a narrower definition of data. So, my question is more about whether FFIEC requirements for…

  • FFIEC Issues Joint Statement on Cyber Insurance

    The statement is here, and is intended to provide additional awareness about the possible use of cyber insurance to offset financial losses resulting from cyber incidents. Here are a few high-level observations: First of all, we’ve seen several announcements from various organizations stating that “the FFIEC has released new guidance…”. The statement makes it clear…

  • FFIEC Cybersecurity Assessment Tool Update

    The FFIEC recently released a long-awaited update to the Cybersecurity Assessment Tool, and we think overall it is a relatively minor but useful evolution. But before we get into the details of what the update does address, it’s important to note that it did not address the ambiguity issues that plague the current assessment. One…

  • Ask the Guru: How Can I Best Determine My Cyber Risk Profile?

    Hey Guru! We just completed the Cybersecurity Assessment, so now we have our current risk and control maturity levels identified. Can we draw any conclusions about our average risk and control levels? For example, most of our risks are in the Least and Minimal areas, but we do have a few Moderate as well. Can we…