Tag: risk management

  • BYOD Redux – The Policy Solution (Part 2)

    In the previous post, I suggested that because mobile devices (smart phones and PDAs) are not that functionally different from other mobile computing devices like laptops in how they process, transmit, and store information, a separate policy wasn’t necessary.  Since the data security, confidentiality and integrity concerns are the same as for other devices, you should be…

  • BYOD Redux – The Policy Dilemma (Part 1)

    Employee-owned mobile devices are everywhere, and they’re being used for everything from email to document storage and editing.  Proper risk management procedures are defined in your policies, but do you need a separate mobile device policy, or can you simply mention them in the same policy sections that address other portable devices?  Or is there…

  • Interpreting The New FFIEC Authentication Guidance – 5 Steps to Compliance

    We’ve all now had a couple of weeks to digest the new guidance, and what has emerged is a clearer understanding of what the guidance requires…and what it doesn’t.  But before we can begin to formulate the specific compliance requirements, we have to interpret what the guidance is actually saying…and what it isn’t.  And along…

  • SOC 2 vs. SAS 70 – 5 reasons to embrace the change

    The SOC 2 and SOC 3 audit guides have recently been released by the AICPA, and the SAS 70 phase-out becomes effective tomorrow.  The more I learn about these new reports the more I like them.  First of all, as a service provider to financial institutions we will have to prepare for this engagement (just…

  • Risk Managing Social Media – 4 Challenges

    Twitter, LinkedIn, Facebook, Google+…the decision to establish an on-line presence is a very popular topic these days, and it is extremely easy to do, but effectively managing social media risk can be frustratingly complicated.  In many ways, it just doesn’t lend itself to traditional risk management techniques, so the standard pre-entry justification process is much…

  • FDIC issues new FIL…

    …and pretty much confirms what most of us already knew: regulatory scrutiny has increased across the board.  FIL-13-2011, entitled “Reminder on FDIC Examination Findings,” was just released March 1st and, in spite of the title, is not so much a reminder as a response.  Here is the one-line summary: “Recently, the FDIC has received some…