|By Business Wire||
|August 21, 2014 01:14 PM EDT||
Safe Systems, a national provider of compliance-centric IT support and hosted services for financial institutions, today announced the launch of its Incident Response Plan Testing service, which has been designed to guide and support banks in the current cyber-threat environment.
All regulatory statements about cybersecurity have singled out the need for an effective incident response plan, and the FFIEC refers specifically to incident response testing as one of the primary takeaways from its recent webinar, encouraging all institutions to consider:
How often is my institution testing its plans to respond to a cyber-attack? Do these tests include our key internal and external stakeholders?
While vendor oversight does provide some measure of assurance in outsourced relationships, banks have very little actual control over specific vendor-based preventive controls. Additionally, regulators make no distinction between a financial institution’s responsibilities for data security within direct control, and data outside direct control of the institution. Essentially, when outsourcing, institutions have 100 percent of the responsibility and zero control. Detective and corrective/responsive controls must compensate for the lack of preventive controls in order to maintain compliance and reinforce security. An institution’s plan is only as good as it proves to be during testing.
There are three key areas of support that Safe Systems provides to its customers through this service:
1. Assures that the objectives of the test align completely with regulatory guidance and best practices.
2. Identifies the scenario of the incident being tested. Ideally it should be drawn from recent industry events, something the institution has actually experienced, or even derived from a recent social engineering test.
3. Fully documented and presented in a manner that can be delivered to the board, as well as auditors and examiners.
“Vendor due diligence and on-going oversight are still very important, but because of the relative lack of control in an outsourced relationship, an effective incident response plan is the best, and perhaps only, defense,” said Tom Hinkel, VP of Compliance Services of Safe Systems. “Just as with disaster recovery plans, incident response plans must be both compliant, and viable. They must pass regulatory scrutiny, and a bank’s incident response team must be able to follow it when an incident occurs. Knowing how to classify an incident, and understanding if and when customer and regulator notification is required, is critical to a plan’s effectiveness. Through the Incident Response Plan Testing service, an institution can rest assured that their plan will not only pass regulatory scrutiny, it will provide the framework an institution’s incident response team needs to confidently manage any cyber event.”
About Safe Systems
Founded in 1993, Safe Systems is the national leader in providing compliance-centric IT solutions exclusively to financial institutions. We currently manage hundreds of financial institutions representing more than $61 billion in combined assets, 1,100 locations and over 25,000 network devices. Our network management services are the bridge between the core and other third-party applications. These cost effective solutions include IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Safe Systems helps financial institutions to significantly decrease costs, increase performance, and improve their compliance posture. For additional information about Safe Systems, Inc., please visit http://www.safesystems.com or call 877.752.0550.
Sep. 30, 2016 06:15 PM EDT Reads: 1,610
Sep. 30, 2016 06:15 PM EDT Reads: 3,118
Sep. 30, 2016 06:15 PM EDT Reads: 3,516
Sep. 30, 2016 05:45 PM EDT Reads: 1,368
Sep. 30, 2016 05:30 PM EDT Reads: 696
Sep. 30, 2016 04:45 PM EDT Reads: 5,314
Sep. 30, 2016 04:45 PM EDT Reads: 2,002
Sep. 30, 2016 04:30 PM EDT Reads: 732
Sep. 30, 2016 04:30 PM EDT Reads: 394
Sep. 30, 2016 04:30 PM EDT Reads: 1,824
Sep. 30, 2016 04:00 PM EDT Reads: 3,587
Sep. 30, 2016 03:45 PM EDT Reads: 3,660
Sep. 30, 2016 03:30 PM EDT Reads: 399
Sep. 30, 2016 03:00 PM EDT Reads: 3,015
Sep. 30, 2016 03:00 PM EDT Reads: 1,655