Blog

Explore our blogs for the latest insights, tips, and best practices in third-party risk management. Stay informed and protect your organization by navigating the complexities of third-party relationships with confidence. Read on to enhance your risk management strategy!

Framework, Industry Guidance, and Regulations

Federal Reserve Issues New Guidance on Managing Outsourcing Risk

On December 5th the Federal Reserve issued a new Guidance on Managing Outsourcing Risks. The Guidance identifies the six (6) primary types of risk and how they should be addressed. Read the Guidance on Managing Outsourcing Risk

Framework, Industry Guidance, and Regulations

NIST Perspective on Supply Chain Security

On November 14th and 15th, the National Institute of Standards and Technology (NIST) hosted its 5th Cybersecurity Framework workshop to discuss the implementation and future governance of its Cybersecurity Framework. Bringing together critical infrastructure owners and operators and cybersecurity staff,...

Best Practices

Smart Devices and Risk in the Workplace

Despite Blackberry’s somewhat disappointing news recently, that it would take a capital infusion rather than a buyout from Fairfax, both Blackberry and Microsoft’s Office product are well-known and recognized tools of the workplace. Blackberry maintains a good portion of its...

Tools and Products

Hands-On Assessment

In my previous blog, The SIG – The Swiss Army Knife of Risk Assessment, I commented on the versatility of the SIG, the Shared Assessments Program’s Standardized Information Gathering questionnaire. This month I want to discuss its complementary, on-site assessment...

Framework, Industry Guidance, and Regulations

An Important Week In Third Party Risk Management

It’s been an exciting week in the 3rd party oversight arena, first with the OCC’s revised third party guidance released on October 31st and then, on November 7th, the formal release of the latest PCI DSS, version 3.0. As expected,...

Best Practices

Shared Assessments Participates in a Third Party Risk and Cybersecurity Online Expert Panel Discussion

Shared Assessments Program Director, Brad Keller, recently participated on an expert online panel discussion hosted by Prevalent Networks and Symantec. The panel of leading experts in 3rd party risk reviewed the best practices in 3rd party risk and cybersecurity, answered...

Framework, Industry Guidance, and Regulations

PCI Council Releases the PCI Data Security Standard 3.0 (PCI DSS v3.0)

Today the Security Standards Council (PCI) published the PCI Data Security Standard 3.0 (PCI DSS v3.0). Third Party Risk is now a focus. Version 3.0 will become effective on January 1, 2014. Per the PCI Press Release, Version 3.0 will...

Risk Landscape

Insider Threats – A Need to Rethink Enterprise Security?

Cybercriminals are targeting privileged network users in ways that are increasingly devastating to security efforts across the financial services industry. These types of insider threats have become more prevalent in the past two years due to the combination of: Increased...

Framework, Industry Guidance, and Regulations

OCC Releases Guidance on Third Party Relationships (OCC 2013-29)

Yesterday the OCC released its long awaited Guidance on Third-Party Relationships (OCC 2013-29). Notably, this Guidance, posted below, rescinds OCC Bulletin 2001-47, “Third-Party Relationships: Risk Management Principles,” and OCC Advisory Letter 2000-9, “Third-Party Risk.” The Guidance introduces the OCC’s interpretation...

Risk Landscape

Grade Your Compliance Etiquette – Pretty Please?

Reputation risk and corporate ethics are top of mind for Boards of Directors and Executive Management. However, expectations for financial service organizations’ “compliance manners” are getting a makeover in responsible business conduct based on a recent bulletin from the Consumer...

Framework, Industry Guidance, and Regulations

PCI 3.0

Although it seems as if the Payment Card Industry Data Security Standard (PCI DSS) was launched yesterday, the standards organization was in fact created in 2006 to consolidate and better promulgate the major credit card organizations’ then overlapping data security...

Framework, Industry Guidance, and Regulations, Risk Landscape

The Ever Present Need for Effective and Proactive Vendor Oversight – FDIC Advisory

The FDIC Advisory Committee on Community Banking meeting in July 2013 included an extensive discussion of the responsibility of banks in ensuring their vendors consistently meet privacy and other information security regulations and requirements. ((Established in May 2009, the Advisory...
