Tag: employee training

  • New cyber attack targeting small to medium-sized financial institutions

    The FBI, in association with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center (IC3), recently issued a fraud alert warning that criminals are using a multi-vector attack to compromise financial institution networks and initiate fraudulent wire transfers.  The first thing that struck me about this attack is that […]

  • Risk Managing BYOD (bring your own device)

    Thanks in part to social media, users today often don’t differentiate between work and non-work activities, and they certainly don’t want to have to carry multiple work/non-work devices to keep them connected.    As a result, new multi-function, multi-purpose mobile devices are constantly being added to your secure financial institution network…and often in violation of your […]

  • FDIC changing annual IT report to Board?

    Based on recent examination findings, it would appear that the FDIC is changing what they expect to see in the annual information security report to the Board of Directors.  The requirement for the report is established in the FFIEC Information Security Handbook where it states that a written report to the board should describe the […]

  • 2012 Compliance Trends, Part 1 – Training

    This post will begin a series of 5 topics that I consider to be good candidates for increased regulatory scrutiny in the coming year.  For each topic, I will make the case for increased scrutiny based on 3 criteria: Recent audit and examination experience, Regulatory changes, and Recent events. In keeping with my policy of […]

  • The current single biggest security threat to financial institutions – UPDATE

    (UPDATE – Hord Tipton, executive director of (ISC)2, posted recently on the biggest data breaches of the past year.  His analysis confirms that ” …humans are still at the heart of great security successes – and, unfortunately, great security breaches…The lesson we learn from this year’s breaches is that most of them were avoidable – […]