News and Updates

Regulators Target Banks Cybersecurity Infrastructure

Yesterday, the Department of Financial Services for New York unveiled new cybersecurity rules for financial institutions and insurance companies. This is another step in government intervention requiring businesses that have access to sensitive personal information of its customers to take extra steps to protect their identities. The regulations will require banks to: establish a cybersecurity program; adopt a written cybersecurity policy; designate a Chief Information Security Officer (CISO) responsible for implementing and enforcing the new program and policy; design policies and procedures to ensure the security of information systems and non-public information accessible to, or held by,

Security Assessments: Using Excel is Bad, Word is Worse

When it comes to administering security assessments to vendors, most companies are still using an old process that has limited capabilities and functionality. If you’ve ever sent or received a 10+ page long security assessment in Word or Excel, you know what I’m talking about. The hassle it takes to go through the 100+ questions, some of which do not seem applicable or cannot be answered by you, is time consuming and a miserable experience. Even worse is the experience of the person who has to grade that assessment and compare it to others that they have received. There are a lot of problems with the current system of vendor risk management, but the bureaucracy of business sometimes gets i