Technological advancements in the financial sector have made life easier for everyone, but convenience often comes at a price. Cybercriminals are constantly looking for opportunities for exploitation. Businesses in the financial sector are prime targets for data breaches and other damaging cyberattacks. Cybercriminals that target financial businesses are usually looking to steal financial information they can use for identity theft....

When most people hear the three letters CIA in succession, they think about the U.S.’s Central Intelligence Agency. But the CIA Triad actually has nothing to do with the United States government. It does, however, have everything to do with security.  What is the CIA Triad? CIA is an acronym that stands for confidentiality, integrity and availability. And in the...

While there will always be inherent risk any time you enter into a new relationship with a vendor and their products, you can’t ignore or skip over the residual risk. Failure to acknowledge and account for such risks could potentially jeopardize your organization. What is Residual Risk? In the world of IT and network security, we often discuss risk in...

Integrated Risk Management (IRM) is a set of processes and practices that relies on risk-aware culture and risk-conscious technologies. It includes a number of important principles for improving security within an organization. IRM combines elements of corporate governance, cyber risk management and compliance into a singular, comprehensive approach. It’s designed to be streamlined and efficient, introducing automation, cross-departmental solutions and...

The Common Vulnerabilities and Exposures (CVE) System, launched in 1999, is a system that provides publicly recognized information related to vulnerabilities and exposures. It is operated by the MITRE Corporation and funded by the United States Department of Homeland Security. CVE Identification Numbers Within MITRE Corporation’s system, there are defined CVE Identifiers. These unique, common identifiers serve as ID numbers...

The Gramm-Leach-Bliley Act (GLBA) is one of the most common regulatory compliance acts in the business world. And if you’re involved in providing financial products or services to consumers and utilize the services of third-party vendors, it’s something you need to be aware of.  What is the GLBA? Also known as the Financial Modernization Act of 1999, the Gramm-Leach-Bliley Act...

The National Vulnerability Database is a US government-run system that records a wide range of security and compliance information and protocols. Originally developed in 2000, it’s grown into a powerful tool that helps businesses close major security gaps and protect their data—but it’s far from perfect. Ultimately, someone had to have discovered the recorded vulnerabilities before they could be logged,...

There are many different regulatory groups that oversee finance-related bodies and transactions, and the Office of the Comptroller of the Currency (OCC) is one of the most important of these groups. Founded in 1863, the OCC is an independent bureau within the US Department of the Treasury and its job is to oversee issues relating to national banks.  In particular,...

In light of concerns over a growing number of cybersecurity threats and data breaches, New York State recently passed stricter cybersecurity laws under the NY SHIELD Act. These data security requirements took effect on March 21, 2020. What are these new laws and how do you ensure your third parties are compliant? What is the NY SHIELD Act? At a...

PCI-DSS regulations aren’t law; they are a set of security regulations credit card companies voluntarily agree to uphold. As a result, any merchant that stores, processes, and/or transmits cardholder data  through the major credit card networks must also agree to uphold these security standards. Third-party vendors may or may not be required to comply, depending on the function they provide...