2 min read
Should Financial Institutions have a BISO Program?
A BISO (Business Information Security Officer) is an ombudsman for business lines across an institution. This person is responsible for representing...
Credit Unions (2)
2 min read
Self-Assessing Authentication & Access Risk
A little over a year ago, banking regulators released the “Authentication and Access to Financial Institution Services and Systems” guidance. Since...
3 min read
How to Change Your Virtual CISO (or how to avoid it to begin with)
There’s been an interesting trend in the virtual CISO industry over the last several months.
2 min read
Tools to Check Out in the Cybersecurity Resource Guide
Last week, we saw the Federal Financial Institutions Council (FFIEC) announce an update to its Cybersecurity Resource Guide. It was originally...
1 min read
Preparing for a Security Incident
The worst time to develop an Incident Response Plan for dealing with a security incident is during an actual incident. It’s not a matter of “if” but...
2 min read
Where Does Managing Aggregator Risk Belong?
A little over a year ago, bank regulators published new proposed guidance on managing third-party risk. One of the more controversial topics in this...
1 min read
Checking the Box
I recently participated in an executive meeting at a bank where we discussed the real value of “checking the box” also known as the bare minimum,...
3 min read
A Platform Won’t Change Your Culture
“A platform won't change your culture.” This was a great quote by our COO, Stephanie Goetz, at our last offsite team meeting.
3 min read
Change, Conflict and Culture
We have many institutions either going through or coming out of a large amount of change. It seems like there’s always some new guidance, product, or...
2 min read
Confessions of a Professional Worrier
A few weeks ago, in my life outside of cybersecurity, a person said to me: “You are always thinking three steps ahead of the rest of us”. I am not...