|By Business Wire||
|August 21, 2014 01:14 PM EDT||
Safe Systems, a national provider of compliance-centric IT support and hosted services for financial institutions, today announced the launch of its Incident Response Plan Testing service, which has been designed to guide and support banks in the current cyber-threat environment.
All regulatory statements about cybersecurity have singled out the need for an effective incident response plan, and the FFIEC refers specifically to incident response testing as one of the primary takeaways from its recent webinar, encouraging all institutions to consider:
How often is my institution testing its plans to respond to a cyber-attack? Do these tests include our key internal and external stakeholders?
While vendor oversight does provide some measure of assurance in outsourced relationships, banks have very little actual control over specific vendor-based preventive controls. Additionally, regulators make no distinction between a financial institution’s responsibilities for data security within direct control, and data outside direct control of the institution. Essentially, when outsourcing, institutions have 100 percent of the responsibility and zero control. Detective and corrective/responsive controls must compensate for the lack of preventive controls in order to maintain compliance and reinforce security. An institution’s plan is only as good as it proves to be during testing.
There are three key areas of support that Safe Systems provides to its customers through this service:
1. Assures that the objectives of the test align completely with regulatory guidance and best practices.
2. Identifies the scenario of the incident being tested. Ideally it should be drawn from recent industry events, something the institution has actually experienced, or even derived from a recent social engineering test.
3. Fully documented and presented in a manner that can be delivered to the board, as well as auditors and examiners.
“Vendor due diligence and on-going oversight are still very important, but because of the relative lack of control in an outsourced relationship, an effective incident response plan is the best, and perhaps only, defense,” said Tom Hinkel, VP of Compliance Services of Safe Systems. “Just as with disaster recovery plans, incident response plans must be both compliant, and viable. They must pass regulatory scrutiny, and a bank’s incident response team must be able to follow it when an incident occurs. Knowing how to classify an incident, and understanding if and when customer and regulator notification is required, is critical to a plan’s effectiveness. Through the Incident Response Plan Testing service, an institution can rest assured that their plan will not only pass regulatory scrutiny, it will provide the framework an institution’s incident response team needs to confidently manage any cyber event.”
About Safe Systems
Founded in 1993, Safe Systems is the national leader in providing compliance-centric IT solutions exclusively to financial institutions. We currently manage hundreds of financial institutions representing more than $61 billion in combined assets, 1,100 locations and over 25,000 network devices. Our network management services are the bridge between the core and other third-party applications. These cost effective solutions include IT support and managed services, internal network/cloud design and installation, hosted email, business continuity and disaster recovery, compliance consulting, security services, and IT and compliance training. Safe Systems helps financial institutions to significantly decrease costs, increase performance, and improve their compliance posture. For additional information about Safe Systems, Inc., please visit http://www.safesystems.com or call 877.752.0550.
May. 28, 2016 07:00 PM EDT Reads: 1,245
May. 28, 2016 07:00 PM EDT Reads: 1,950
May. 28, 2016 07:00 PM EDT Reads: 3,577
May. 28, 2016 06:45 PM EDT Reads: 2,853
May. 28, 2016 06:45 PM EDT Reads: 1,995
May. 28, 2016 04:30 PM EDT Reads: 902
May. 28, 2016 04:00 PM EDT Reads: 1,678
May. 28, 2016 03:45 PM EDT Reads: 2,538
May. 28, 2016 03:30 PM EDT Reads: 2,013
May. 28, 2016 02:00 PM EDT Reads: 634
May. 28, 2016 02:00 PM EDT Reads: 2,924
May. 28, 2016 02:00 PM EDT Reads: 1,364
May. 28, 2016 01:00 PM EDT Reads: 2,339
May. 28, 2016 01:00 PM EDT Reads: 2,002
May. 28, 2016 12:00 PM EDT Reads: 564