|  In

Incident Response in an Outsourced World

UPDATE – On June 6th the FFIEC formed the Cybersecurity and Critical Infrastructure Working Group, designed to enhance communications between and among the FFIEC members agencies as well as other key financial industry committees and councils.  The goal of this group will undoubtedly be to increase the defense and resiliency of financial institutions to cyber […]

 |  In

NIST Incident Response Guidance released

UPDATE – The National Institute of Standards and Technology (NIST) has just released an update to their Computer Security Incident Handling Guide (SP 800-61).   The guide contains very prescriptive guidance that can be used to frame, or enhance, your incident response plan.  It also contains a very useful incident response checklist on page 42.  I’ve […]

 |  In

Managing Social Media Risk – LinkedIn Edition

By now everyone has heard about the breach at LinkedIn, where 6.5 million email password hashes were leaked (over half of which have been cracked, or converted into plain text).  Those who read this blog regularly know how I feel about social media in general: “So managing social media risk boils down to this:  You […]

 |  In

Another incident management table-top training exercise

I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises.  Here is another one that just occurred a couple of days ago: Test scenario: You receive a subpoena from a government agency requesting financial information on several customers.  The subpoena includes names and […]