All regulatory statements about cybersecurity have singled out the need for an incident response plan, and the FFIEC refers specifically to incident response testing.
While vendor oversight does provide some measure of assurance in outsourced relationships, banks have very little actual control over specific vendor-based preventive controls. Additionally, regulators make no distinction between a financial institution’s responsibilities for data security within direct control, and data outside direct control of the institution.
Safe Systems a national provider of compliance-centric IT solutions to financial institutions. The company manages hundreds of financial institutions representing more than USD 61 billion in combined assets, 1,100 locations and over 25,000 network devices.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now