Cybersecurity Resources

The FDIC’s Winter 2015 Supervisory Insights includes an article on framework for cybersecurity.  With cybersecurity being a focus for both the NCUA and the DFI in 2016 exams, along with the risks associated with cyber threats, the article is a good read for credit unions (even if it is published by the competition). The article describes the evolving cyber threat … Read More

Class Actions Have Little Class Involved

part 1… Class action claims of website accessibility discrimination have been increasing recently. Two new complaints were filed last month for ADA (American’s with Disabilities Act) accessibility discrimination. These complaints allege that the National Basketball Association’s and Home Depot’s websites are not accessible to blind users. Also in November, Scribd agreed to update its access to eBooks to make them … Read More

FDIC Cybersecurity Resources

The FDIC provides cybersecurity awareness resources for financial institutions that credit unions can use to assess their risks and responses to threats. Within these, is a Community Bank Cyber Exercise that includes videos depicting unique security scenarios. The videos provide discussion topics on operational risk issues and the potential impact of information technology disruptions on common banking functions. The series … Read More

FFIEC Revised Management Booklet

The Federal Financial Institutions Examination Council (FFIEC) members issued a revised Management booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The Management booklet, including the examination procedures, has been substantially revised. The booklet outlines the principles of sound governance and, more specifically, information technology (IT) governance. The booklet explains how IT risk management relates to … Read More

Automated Cybersecurity Tool

The Financial Services Sector Coordinating Council has developed and made available an Automated Cybersecurity Assessment Tool that that can be used in conjunction with the FFIEC’s assessment tool. It is in a user-friendly Excel spreadsheet that provides risk criteria and cybersecurity maturity levels, then presents those results in graphs and charts to better illustrate where users need to focus efforts … Read More

Joint Statement on Cyber Attacks Involving Extortion

The FFIEC issued a Statement notifying financial institutions of the increasing frequency and severity of cyber attacks involving extortion. The Statement does not contain any new regulatory expectations. Credit unions should develop and implement effective programs to ensure they are able to identify, protect, detect, respond to, and recover from these types of attacks. The Statement recommends that financial institutions … Read More

NCUA Releases Cybersecurity Video

The video provides an overview of how the assessment tool works. The assessment tool can help credit unions pinpoint strengths and weakness in their cyber security programs. “The increasing volume and sophistication of cyber threats pose real risks to the credit union system,” NCUA Board Chairman Debbie Matz said. “NCUA has created this new video to supplement the online information … Read More

Changes to Information Technology Exams

The DCU has outsourced parts of its credit union IT exams to Security Compliance Associates (SCA) from November 2015 through June 2017. The Bulletin states more resources and hours will be devoted to IT examinations (i.e. one to two additional days will be added to the standard IT exams beginning in 2016). Examination hours will be scaled either down or … Read More