

Back to Blog

Computer-Security Incident Notification Requirements for Banking Organizations

By Finosec

April 27, 2022

Have you addressed the Computer-Security Incident Notification Requirements for Banking Organizations? Full compliance has been extended to May 1, 2022.

Five questions to ask:

Have we updated our Incident Response Plan?
Do we have documentation of who and how we will notify the regulators?
Do our critical third party vendors have the correct contacts for notification?
Has our Business Continuity Plan been updated to match the verbiage in the guidance?
When is your next Incident Response Test and how will you update it?

More from Finosec

The Critical Link Between Third-Party Risk Management (TPRM) and Access Management

The Critical Link Between Third-Party Risk Management (TPRM) and Access Management

by Zach Duke | Nov 7, 2024

As highlighted in a recent article from the Federal Reserve, managing third-party relationships and the access associated with those relationships is a critical component of Third-Party Risk Management (TPRM). The associated access third party vendors have to banking systems is known as Access Management and is foundational for mitigating risks associated with third-party relationships. Access Management may be easy to overlook because it does not always reside with the same person or team as TPRM; making it difficult to provide critical oversight.

With increased regulatory focus, how should institutions be thinking of Access Management? Here are five steps your institution can take today to strengthen your third-party governance.

The Evolving Role of Access Management: What Financial Institutions Need to Know About the New FFIEC Guidance

The Evolving Role of Access Management: What Financial Institutions Need to Know About the New FFIEC Guidance

by Beth Sumner | Oct 30, 2024

With all eyes focused on AI regulations and the sunset of the Cybersecurity Assessment Tool (CAT), the recently released FFIEC Development, Acquisition, and Maintenance (DA&M) has almost slid under the radar. However, this new booklet is a complete rewrite...

FFIEC Authentication Guidance: Are You Meeting the Expectation?

FFIEC Authentication Guidance: Are You Meeting the Expectation?

by Zach Duke | Oct 10, 2024

The FFIEC has updated their expectations for access management with the Authentication and Access to Financial Institution Services and Systems Guidance. This guidance expands beyond traditional customer authentication and places a significant emphasis on...

The Critical Foundation of Managing Access to Banking Systems

The Critical Foundation of Managing Access to Banking Systems

by Zach Duke | Sep 26, 2024

Managing access to banking systems has become increasingly complex as financial institutions navigate legacy reporting systems, API access, and cloud solutions. These challenges, along with the risks posed by unmanaged systems, emphasize the need for maintaining a...

How to Get Your Information Security Budget Approved in Cost-Sensitive Times for Community Banks

How to Get Your Information Security Budget Approved in Cost-Sensitive Times for Community Banks

by Zach Duke | Aug 29, 2024

In the current economic environment, community banks face unique challenges such as rate compression, shrinking margins, liquidity and commercial real estate concerns. These factors make the upcoming budgeting season particularly daunting for IT and information...

Challenges of Manual User Access Reviews in Community Financial Institutions

Challenges of Manual User Access Reviews in Community Financial Institutions

by Beth Sumner | Aug 1, 2024

When I first entered the banking world, user access reviews were much more straightforward. Spreadsheets were used to capture the basics of who had network and core application access. There was a page in each employee’s file listing the keys and codes they had, and...

Talk To An Expert Now 770.268.2765