FoxPointe Security Hub

Recently, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), and the Office of the Comptroller of the Currency (OCC) issued the Third-Party Risk Management: A Guide for Community Banks (the guide). A community bank’s reliance on third parties does introduce operational, compliance,...

Purchasing or selling a business is fraught with complexities, from financial statement due diligence, to ensuring that the right resources are in place before, during, and after the transaction. Legal and even environmental considerations also can be complex, time consuming, and resource intensive. One area that often gets overlooked is...

Whether they’re ensuring high quality care and patient safety, managing costs or complying with regulations, healthcare organizations have a lot to consider in order to run properly. One strategic tool that healthcare organizations can adopt to enhance efficiency is Artificial Intelligence (AI). AI is revolutionizing industries worldwide, and healthcare is...

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently released a Notice of Proposed Rule Making (NPRM) detailing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). This proposal mandates that companies report cybersecurity incidents and ransomware payments within strict timelines. Public comments on the NPRM are...

Is your Credit Union in the know about the recent cybersecurity requirements mandated by the New York State Department of Financial Services (DFS) that may affect operations? DFS has made significant amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The rule is final and effective as of November 1,...

Discover how to effectively assess and mitigate risks for these vendors. Now that you have stood up processes for onboarding 3rd parties, it is time to consider the same for 4th parties. What? Another vendor group I have to worry about? Have you thought about 4th parties? These entities are...

In today’s digital landscape, where cybersecurity threats are constantly evolving, organizations face the challenge of staying ahead of malicious actors while managing limited resources and expertise. One solution gaining momentum is outsourcing cybersecurity functions to specialized external providers. What is outsourcing? The use of outsourcing is the practice of contracting...

You may have read recently that the number of instances of ransomware has declined. While the overall count of malicious and damaging infections may be waning, the impact of an attack is certainly not. Case in point: the BlackCat attack on Change Healthcare. The attack on February 21st has had...

Your organization and its risk management leaders face disturbances on multiple levels every day, encompassing cybersecurity, privacy, regulatory management, and focused and widespread malicious actions and actors, technological weaknesses, organizational apathy, human errors, etc. Preparation, assessment, and pragmatic execution of the needed controls are vital to address these disruptions and...

Incident Management Efficiency
Recently, the NYS Office for People with Developmental Disabilities (OPWDD) has been placing a stronger focus on Incident Management, primarily surrounding timely completion of investigations of reportable incidents. The following is a high-level overview of OPWDD’s Part 624 Regulations. OPWDD requires voluntary agencies to have a process...

Privacy vs. Security
Privacy and security often work hand in hand to support each other, but each has its own distinct role. Data privacy includes policies and procedures that define how information is gathered, stored, accessed, and destroyed. Security is comprised of the people, processes, and technologies put into place...

Why Your Organization Needs a Gap Assessment Today and the Top Benefits of Partnering with a QSA
The Payment Card Industry Security Standards Council (PCI SSC) has released version 4 of the Data Security Standard (DSS). This is the first major update to the standard since PCI DSS v3.0 was...