-
Another incident management table-top training exercise
I’ve mentioned before that financial institutions would be wise to use news reports of security incidents as “what if” table-top training exercises. Here is another one that just occurred a couple of days ago: Test scenario: You receive a subpoena from a government agency requesting financial information on several customers. The subpoena includes names and…
-
The “Security Breach” and your Incident Response Program
Last week Wells Fargo said that some of their customers in South Carolina and Florida received portions of other customers’ bank statements in the mail as the result of a printer error. Essentially a printer malfunction caused some printed statements to contain a portion of another customer’s statement to be appended to the bottom. A…
-
Incident response – to report or not?
For the purposes of regulator reporting and customer notification, it is critical that we first define an “incident”. Here is how an incident is defined by the FFIEC:
