The Bedel Security Blog

Information security expertise exclusively for you.

Sign Up Today

Risk Management

2 min read

Why We Built The BaaS Risk Checklist (And What We’re Hoping to Learn)

Chris Bedel: Jul 25, 2025

Over the past year, I’ve had more than a few community bank leaders ask me the same question: “How can we explore innovation without putting the bank...

Risk Management BaaS Banking as a Service Community Banking Risk Mitigation Innovation
Read More

2 min read

Why the FFIEC CAT Isn’t Your Risk Assessment—And What To Do Instead

Chris Bedel: Jun 13, 2025

With the upcoming sunset of the FFIEC Cybersecurity Assessment Tool (CAT) in less than three months, community banks are beginning to get nervous...

Risk Assessment CAT vCISO Virtual CISO Cybersecurity Risk Management NIST-CSF
Read More

2 min read

The Wild, Untamed, and Exciting World of Passkeys

Brian Petzold: May 30, 2025

In today's digital landscape, securing user authentication is more critical than ever. Recently, I explored the benefits of using Yubikeys and...

Access & Authentication Multi-factor Authentication Vulnerability Cybersecurity Risk Management Passkeys
Read More

2 min read

From Compliance to Confidence

Andrew Hernandez: May 16, 2025

Building a Risk-Based Information Security Program for Community Banks For many community banks, passing a regulatory exam can feel like a victory...

Risk Assessment Cybersecurity Risk Management Regulatory Compliance NIST-CSF
Read More

2 min read

Using RACI Charts to Strengthen Risk Management and InfoSec Programs

Jordan Rosiak: May 9, 2025

Without defined roles, critical tasks like policy reviews, incident response, and business continuity planning, or risk assessments can be overlooked...

Information Security Program Governance Risk Management Compliance RACI
Read More

3 min read

Strengthening Cybersecurity with a Single Source of Truth

John Freerksen: May 2, 2025

In the current cybersecurity landscape, organizations generate and rely on vast amounts of data from various tools, systems, and platforms. Without a...

Incident Response Cybersecurity Risk Management Compliance Identity and Access Management
Read More

4 min read

Beyond the CAT: Building on a Foundation That Lasts

Chris Bedel: Apr 18, 2025

Introduction As most bankers know by now, the FFIEC Cybersecurity Assessment Tool (CAT), first released in 2015, will officially sunset on August 31,...

CAT FFIEC Risk Management Regulatory Compliance NIST-CSF
Read More

5 min read

AI Model Risk Management in Financial Institutions

Andrew Hernandez: Mar 20, 2025

Today we’ll discuss our newest and perhaps most ubiquitous buzzword: AI (Artificial Intelligence). Identifying and mitigating risks of AI are...

Information Security Program AI Artificial Intelligence Risk Management DLP Regulatory Compliance
Read More

3 min read

Understanding the Second Amendment to DFS Part 500: What Financial Institutions Need to Know

Jordan Rosiak: Mar 13, 2025

The Second Amendment to the New York Department of Financial Services (NYDFS) Part 500, finalized on November 1, 2024, introduces more stringent...

Controls Governance Risk Assessment Incident Response Audit Multi-factor Authentication Risk Management Compliance DFS 500
Read More

2 min read

In a World of Emerging Technology, One Truth Remains

Chris Bedel: Feb 28, 2025

Artificial intelligence, quantum computing, cryptocurrency, banking as a service - there’s no shortage of new technology shaking up the financial...

Information Security Program Controls Governance Risk Assessment Audit Risk Management
Read More
1 2 3 Next