The single most important vendor management control

Posted by Tom on February 22, 2012 · Leave a Comment

Pop quiz…according to the FFIEC Handbook on Outsourcing Technology Services…

“The ________ is the single most important control in the outsourcing process”:

Initial due diligence process
Review of third-party

Filed under Hot Topics · Tagged with Outsourcing technology, technology service providers, vendor contracts, Vendor Management

NIST releases new Cloud Computing Guidelines

Posted by Tom on February 6, 2012 · Leave a Comment

Although not specific to the financial industry, the new guidelines provide a comprehensive overview of the privacy and security challenges of this increasingly popular computing model. It’s worth a look …
Read the rest of the article

Filed under Hot Topics · Tagged with cloud computing, FFIEC, IT Examination Handbooks, NIST, SOC 2, Vendor Management

2012 Compliance Trends, Part 5 – Uncertainty (UPDATE)

Posted by Tom on January 16, 2012 · Leave a Comment

Similar to my previous post on Risk Assessments, I believe Uncertainty is also a 2-part trend:

- Uncertainty about future regulatory changes, and
- Uncertainty about the interpretation of existing …
Read the rest of the article

Filed under Hot Topics · Tagged with 2012 Trends, Dodd-Frank, Examination, examination findings, FFIEC

2012 Compliance Trends, Part 4 – Risk Assessments

Posted by Tom on January 4, 2012 · Leave a Comment

Information security, business continuity, vendor management, ID theft, RDC, Internet banking…it seems that every time you do anything these days you’re expected to perform a risk assessment. This is nothing …
Read the rest of the article

Filed under Hot Topics · Tagged with 2012 Trends

2012 Compliance Trends, Part 3 – Management

Posted by Tom on December 19, 2011 · Leave a Comment

I’ve written about the importance of this before, and from many different angles, but I want to recap and explain why I think management (both IT and enterprise) will be …
Read the rest of the article

Filed under Hot Topics · Tagged with 2012 Trends, CAMELS Ratings, governance, management

2012 Compliance Trends, Part 2 – Vendor Management

Posted by Tom on December 7, 2011 · Leave a Comment

In my first post in this series I discussed training (employee and customer) as a good candidate for increased regulatory scrutiny in 2012. Although these posts are in no particular …
Read the rest of the article

Filed under Hot Topics · Tagged with 2012 Trends, SAS 70, SOC 2, Vendor Management

2012 Compliance Trends, Part 1 – Training

Posted by Tom on November 15, 2011 · Leave a Comment

This post will begin a series of 5 topics that I consider to be good candidates for increased regulatory scrutiny in the coming year. For each topic, I will make …
Read the rest of the article

Filed under Hot Topics · Tagged with 2012 Trends, customer awareness and education, employee training, social engineering, social media

The “Security Breach” and your Incident Response Program

Posted by Tom on October 28, 2011 · Leave a Comment

Last week Wells Fargo said that some of their customers in South Carolina and Florida received portions of other customers’ bank statements in the mail as the result of a …
Read the rest of the article

Filed under Hot Topics · Tagged with Incident response, incident response program, information security, Suspicious activity report

Risk Assessing iCloud (and other online backups) – UPDATE

Posted by Tom on October 17, 2011 · Leave a Comment

(Updated the Challenges & Solutions section)

Apple recently introduced the iCloud service for Apple devices such as the iPhone and iPad. The free version offers 5GB of storage, and additional …
Read the rest of the article

Filed under Hot Topics · Tagged with cloud, cloud storage, data vaulting, DropBox, FFIEC, iCloud, information security, Outsourcing, Vendor Management