2 min read
Reviewing the New Interagency Third-Party Risk Management Guidance
On June 6th, the Federal Reserve, FDIC, and OCC released new interagency guidance on third-party risk management. The new guidance, based on existing...
Credit Unions (2)
2 min read
Should Financial Institutions have a BISO Program?
A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing...
2 min read
Self-Assessing Authentication & Access Risk
A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since...
3 min read
How to Change Your Virtual CISO (or how to avoid it to begin with)
There’s been an interesting trend in the virtual CISO industry over the last several months.
2 min read
Tools to Check Out in the Cybersecurity Resource Guide
Last week, we saw the Federal Financial Institutions Council (FFIEC) announce an update to its Cybersecurity Resource Guide. It was originally...
1 min read
Preparing for a Security Incident
The worst time to develop an Incident Response Plan for dealing with a security incident is during an actual incident. It’s not a matter of “if” but...
2 min read
Where Does Managing Aggregator Risk Belong?
A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this...
1 min read
Checking the Box
I recently participated in an executive meeting at a bank where we discussed the real value of “checking the box” also known as the bare minimum,...
3 min read
A Platform Won’t Change Your Culture
“A platform won't change your culture.” This was a great quote by our COO, Stephanie Goetz, at our last offsite team meeting.