In the ever-evolving world of financial services, where cyber threats are a constant and compliance mandates tighten, the importance of a robust Information Security Program (ISP) cannot be...

When we first start working with new institutions, it is not unusual for us to see them struggling because they have focused their efforts on remediating controls that were found to be missing...

In the rapidly evolving and dynamic business landscape, it is crucial for financial institutions to have and maintain an effective Incident Response Program. No longer is the Incident Response Plan...

In the seemingly disparate worlds of coaching little league baseball and managing cybersecurity risk within financial institutions, striking similarities emerge. Both roles require strategic...

Let’s discuss an old regulation that seems to be picking up new life in recent regulatory examinations, the Bank Service Company Act (BSCA). This Act is essential for ensuring that financial...

“Change is the only constant.”–Greek philosopher Heraclitus I’ve been involved in lots of conversations about change in the past week. “This AI stuff is going to change everything.” “I’m...

Institutions are looking at services using Artificial Intelligence (AI), such as loan decisioning, resume review, and process automation. Using these services can be risky not only because of the...

In a previous post, we explored the transition from a reactive to a proactive approach in managing an information security program. Building on that, let’s delve into how you can boost your...

In December 2023 the US Justice Department announced that they had disrupted operations of ALPHV/Blackcat, a ransomware group that was responsible for many of the most prolific attacks in 2023....

Today, I’m going to tackle the tightrope walk between regulatory compliance and real-deal security within the financial sector. It’s like juggling regulations while dodging cyber threats – sounds...