Prepares financial institutions for increasing cybersecurity threats,
All regulatory statements about cybersecurity have singled out the need for an effective incident response plan, and the
How often is my institution testing its plans to respond to a cyber-attack? Do these tests include our key internal and external stakeholders?
While vendor oversight does provide some measure of assurance in outsourced relationships, banks have very little actual control over specific vendor-based preventive controls. Additionally, regulators make no distinction between a financial institution’s responsibilities for data security within direct control, and data outside direct control of the institution. Essentially, when outsourcing, institutions have 100 percent of the responsibility and zero control. Detective and corrective/responsive controls must compensate for the lack of preventive controls in order to maintain compliance and reinforce security. An institution’s plan is only as good as it proves to be during testing.
There are three key areas of support that Safe Systems provides to its customers through this service:
1. Assures that the objectives of the test align completely with regulatory guidance and best practices.
2. Identifies the scenario of the incident being tested. Ideally it should be drawn from recent industry events, something the institution has actually experienced, or even derived from a recent social engineering test.
3. Fully documented and presented in a manner that can be delivered to the board, as well as auditors and examiners.
“Vendor due diligence and on-going oversight are still very important, but because of the relative lack of control in an outsourced relationship, an effective incident response plan is the best, and perhaps only, defense,” said
About Safe Systems
Founded in 1993, Safe Systems is the national leader in providing compliance-centric IT solutions exclusively to financial institutions. We currently manage hundreds of financial institutions representing more than
Source: Safe Systems