-
Patch deployment – now or later? (with interactive poll!)
We recently saw an examination finding that recommended that “Critical Patches be deployed within 24 hours of notice (of patch release)”. This would seem to contradict the FFIEC guidance in the Information Security Handbook that states that the institution: “Apply the patch to an isolated test system and verify that the patch… (1) is compatible…
-
FDIC changing annual IT report to Board?
Based on recent examination findings, it would appear that the FDIC is changing what they expect to see in the annual information security report to the Board of Directors. The requirement for the report is established in the FFIEC Information Security Handbook where it states that a written report to the board should describe the…
