Information Security

3rd Party Breaches – Are YOU Reaching Out to Your Customers/Members?

Okay, the Equifax breach wasn't your fault. Neither was the Home Depot breach, Target breach, etc., etc. Thus, the Data Breach Notification regs don't apply to you so you're clear of any responsibility. Or are you? I scoured a couple hundred bank and credit union websites this weekend and found that very few provided any information [...]

A Vendor’s Incident Response Plan is Only Half the Story!

When outsourcing services to vendors where sensitive/confidential data or critical services are involved, most of us request some combination of Business Continuity Plan, DR Plan, DR test results and Incident Response Plan. That's only half the battle. Of particular interest is the Incident Response Plan. The IRP is certainly something you'd want to review but all [...]

So many SOCs to review, so little time and staff to go around. Here’s a crash course:

Crash course here: http://bit.ly/1Oobnan

Everyone is heavily overburdened with the demands of trying to comply with regulations. So if your IT or Info Security team doesn't have enough staff to review all SOC reports (or possibly just reviews those with exceptions) yet your internal audit dept wants proof that reviews of all SOC reports are conducted, [...]