FoxPointe Security Hub

Risk Management Guidance On July 13, 2021, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC, and together with the Federal Reserve and the FDIC, the Agencies), requested comments on proposed interagency...

Fraud Prevention All fraud begins with a line of thinking that follows three major factors: Opportunity, Rationalization, and Pressures. Rationalization is the excuse an individual uses to provide comfort or assurance that they need to commit fraud. An example of this could be: “I’ll put the money back, I just...

FedLine Security and Resiliency Assurance Program In October 2020, the Federal Reserve Banks (FRB) posted an announcement to their website titled “Announcing the FedLine Solutions Security and Resiliency Assurance Program”. The FRB’s FedLine Solutions are a critical component of the U.S. payment system. FedLine is a suite of payment solutions...

What is Phishing? Phishing is defined as a form of social engineering that uses email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the...

Information Security Complacency My career has taken me through a winding road of many areas including finance, manufacturing, education, and, today, information security. My career has included 24 years in the manufacturing world, where I managed many risks including employee theft (check kiting and manipulation) and mail fraud (vendor checks...

Data Security Our workplaces have become more mobile than ever before, largely due to advancements in technology being used by businesses for communication and collaboration. The circumstances related to the COVID-19 pandemic have expedited this movement by forcing most businesses and organizations out of their offices and into remote work...

Stopping Ransomware In today’s world of ever-changing technology, the fastest-growing method of cyber-attacks is Ransomware. “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors then demand ransom in exchange for decryption.”...

“Data is the new oil.” We have heard that frequently over the years. It’s usually in the context of being a business driver. That is still true; however, it is also lucrative for those who want to hijack your data via ransomware. In the early days of ransomware, it would...

HITRUST Is your organization involved in HITRUST or looking to take that path in the near future? If so, there are some important changes to be aware of that may change your timeline and approach. Throughout each year, HITRUST releases Advisories as needed, in one of two categories: Assurance Change...

SOC 2 + HITRUST CSF Report Based on the Verizon Data Breach Investigations Report of 2021, healthcare and outsourced service providers continue to be two of the most popular targets for cyber criminals. The most common attacks occur through human error, basic web application attacks, and system intrusion. In order...

What is a SOC 1 Report A SOC 1 report, also known as the Statement on Standards for Attestation Engagements (SSAE) 18, focuses on a service organization’s controls that are likely to be relevant to an audit of a user entity’s (customer’s) financial statements. SOC 1 reports cover a service...

Cybersecurity Regulations Since the regulation came into effect in March 2019, the New York State Department of Financial Services (DFS) continues to strengthen the way that it enforces the Cybersecurity Regulation 23 NYCRR Part 500. With 23 distinct sections of the regulation, DFS requires a comprehensive cybersecurity program for “Covered...