Blog

Can Updated FFIEC Cyber Assessment Tool Help With Other Regulations?
Cybersecurity Data breach Data security Privacy

The Federal Financial Institutions Examination Council (FFIEC) released an update to its Cybersecurity Assessment Tool to help financial institutions establish a better baseline to identify their risks and determine their cybersecurity preparedness. The original intent of the Assessment was to provide a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.

The updates respond to criticism the tool has drawn since its release in June 2015 for its vagueness and its divergence from other well-established cybersecurity assessment frameworks, such as the NIST Cybersecurity Framework. While there are similarities between these tools, the FFIEC is trying to provide guidance to its constituency, whereas the NIST framework is general to all organizations.

Ron Arden Shows Institute of Internal Auditors How to Defend Against Cyber Threats
Cybersecurity Data breach Insider threat News Secure collaboration

Ron Arden, Executive Vice President of Fasoo, Inc., spoke to members of the Rochester Institute of Internal Auditors (IIA) at the Hilton DoubleTree Hotel in Rochester, NY on December 7, 2016. Ron delivered a presentation on “Defending Your Intellectual Property Against Cyber and Insider Threats” at this annual event and showed attendees how to use Fasoo’s enterprise digital rights management to protect sensitive information from insider threats and cyber attacks.

With the changing regulatory climate and the constant news on data breaches and cybersecurity incidents, the attendees were very interested in how to protect sensitive information in their organizations, since ensuring proper controls and managing risk are the main focus of this group.  Ron spoke about the new NY State Department of Financial Services (DFS) cybersecurity regulations that require all organizations registered as banks, financial services companies and insurance companies in the state of NY to meet new cybersecurity rules.  A major one is to encrypt all non-public data, which will require major changes in policy and technology.

Bill Blake Shows WNY ISACA Auditors How to Protect Sensitive Data
Cybersecurity Data breach Insider threat News Print security

Bill Blake, President of Fasoo, Inc., spoke to members of the Western NY Information Systems Audit and Control Association (ISACA) at the Hilton Double Tree Hotel in Rochester, NY on May 10, 2016. Bill delivered a presentation on “Closing the Threat Gap – A 21st Century Approach to Minimizing Risk” at this annual event and showed attendees how to use Fasoo’s enterprise digital rights management to protect sensitive information from insider threats and external attacks by hackers.

Given the constant barrage of news on data breaches and cyber security incidents, the attendees were very interested in how to protect sensitive information in their organizations, since ensuring proper controls and managing risk are the main focus of this group. One statistic that Bill shared was from the 2016 PwC Global State of Information Security survey, which found that 81 percent of respondents attribute security incidents to existing staff, vendors and customers, with current employees the most cited source of incidents. This was an eye-opener for many, since most of us tend to focus on external threats.

Ron Arden Shows Rochester IIA ISACA IT Event How to Protect Sensitive Data
Cybersecurity Data breach Insider threat News Secure collaboration

Ron Arden, Vice President of Fasoo, Inc., spoke to members of the Rochester Institute of Internal Auditors (IIA) and Information Systems Audit and Control Association (ISACA) at the Hilton Double Tree Hotel in Rochester, NY on December 10, 2015. Ron delivered a presentation on “Data Protection of Sensitive Information” at this annual event and showed attendees how to use Fasoo’s enterprise digital rights management to protect sensitive information from insider threats and external attacks by hackers.

Given the constant drumbeat of news on data breaches and cyber security incidents, the attendees were very interested in how to protect sensitive information in their organizations, since ensuring proper controls and managing risk are the main focus of this group. A number of attendees came up after the presentation and asked about protecting very sensitive documents in their companies. I spoke with a gentleman from a retail company who was concerned about protecting contract information with their suppliers and, since they have such high employee turnover, was worried about people moving to competitors with sensitive information.