When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for compliance with the provisions of the Act. Within each of...
Recent Posts
When we start working with financial institutions, we often find that there is a lot of confusion around how cybersecurity inherent risk and residual risk should be defined. The assessments seem to...
Asset Management is one of the foundations of a sound Information Security Program, but it is also often neglected in the rush to replace or decommission systems. Every IT Manager has been through...
We recently have seen an increase in “typosquatting” activity targeting financial institutions. Typosquatting is when someone registers a domain with a name that is very similar to the legitimate...
A group of US security agencies has once again designated September as “National Insider Threat Awareness Month” (NITAM). While insider threats are always a concern, the agencies point out that...
After helping many financial institutions complete their Cybersecurity Assessment Toolkit (“CAT”), we have found that there are a small number of CAT statements that commonly get institutions...
Information security programs are like onions. They have layers. Understanding the control layers of an information security program helps management of a financial institution stop seeing the...
Regulators expect that a financial institution will have a vulnerability scan performed by an independent third party at least annually. This scan normally occurs during the annual audit, with the...
Any seasoned IT pro can recount stories where seemingly insignificant components or very rare events brought down critical systems. Perhaps it was the failure of a core switch and its redundant twin...
When your institution needs to send a sensitive file to an outside party, how do you control what happens to that file? If you are like many, you may email it to them utilizing one of many email...