Quantivate Blog

Tag Archives:

IT GRC

FFIEC Issues Statement on Cybersecurity

by William Hord

June 08, 2016 08:06 am

FFIEC Issues Statement on Safeguarding the Cybersecurity of Interbank Messaging and Payment Networks

The Federal Financial Institutions Examination Council advised financial institutions yesterday afternoon to monitor the risks associated with interbank messaging and wholesale payment networks. The statement comes just two weeks after a malware attack on the Society for Worldwide Interbank Financial Telecommunication (SWIFT) breached 12 banks. The FFIEC stated, “financial institutions should review risk-management practices and controls related to information technology systems and wholesale payment networks, including risk assessment; authentication, authorization and access controls; monitoring and mitigation; fraud detection; and incident response.”

If you haven’t already been assessing this process risk via your ERM program and/or your IT/GRC program, you should. Ensuring you have all the necessary controls in place to mitigate your risk and provide assurances to examiners and stakeholders is critical for such a highly utilized and trusted financial service.

https://www.ffiec.gov/press/pr060716.htm


Flaw Found in Key Method for Protecting Data on the Internet

by Dan Banning

April 08, 2014 04:04 pm

If you are an IT professional, your job may have just gotten a lot busier. A flaw was discovered in one of the Internet’s key encryption methods, potentially forcing a wide swath of websites to swap out the virtual keys that generate private connections between the sites and their customers. The flaw is called the Heartbleed Bug. The vulnerability involves a serious bug in OpenSSL, the technology that powers encryption for two-thirds of web servers. More information can be obtained here: http://heartbleed.com/

Quantivate users are not at risk, and your data is secure, as our servers do not run the version of OpenSSL that contains the vulnerability.


Adobe Hacked: Reduce your own company’s IT risks

by Andy Vanderhoff

October 04, 2013 09:10 am

Today’s news about the hacking of data at Adobe is just another example in a long list of the risks you take when storing sensitive data. Adobe is now in damage control mode after learning that over 3 million customer records have been compromised. (more…)


FIS Breach Shows Vendor Management Still a Problem

by Andy Vanderhoff

September 26, 2013 12:09 pm

Randy Lindberg of Rivial Security (Quantivate’s IT GRC partner) recently pointed out how the breach at FIS shows that vendor management is still important. Read more here.


Things You Should Include in Due Diligence Review

by Andy Vanderhoff

July 25, 2013 02:07 pm

Due diligence requires investigation into a vendor’s ability to meet the requirements of the proposed service and an inquiry into the vendor’s financial ability to deliver on its promise. When performing the due diligence process for vendors, you should consider the following areas: (more…)
