-
The RSA breach, and 5 things you should do
For those of us already waiting for the latest update on guidance from the FFIEC on Internet Authentication, the news of the recent RSA SecurID breach complicates things a bit. One-time password (OTP) hardware devices (tokens…
-
AICPA finalizes SAS 70 replacement
I wrote about this here as well, but it’s now official: The AICPA has clarified the SAS 70 replacement reports. They are actually officially being referred to as “Service Organization Control Reports (formerly SAS 70 reports)”. The new SOC reports provide a framework for auditors to examine controls and to help senior management understand the…
-
Top 5 Compliance Trends for 2011 – Part 4
According to the FFIEC IT Examination Management Handbook, many institutions choose to delegate responsibility for monitoring IT activities to an IT Steering Committee. I also addressed this here. One of the most important roles of the IT Steering Committee is to ensure that the IT strategy is aligned with the overall business strategy. And the…
-
FFIEC to issue updated authentication guidance?
I’ve been hearing this rumor for a while now, but we may actually be seeing something new from the FFIEC soon. Gartner is the latest to suggest