You may have noticed 2016 was quite the busy year for IT regulatory compliance. OK, that’s probably a bit of an understatement.
Last year saw the release of Appendix E on Mobile Financial Services, the new InTREx exam format, the updated Information Security Handbook, and the promise of more to come in 2017. With this plethora of information being directed at financial institutions (FIs), I wanted to take this opportunity to highlight one particular factor that is already coming under examiner scrutiny: incident response. I have written about incident response a couple of times in the past. In fact, in my previous blog I provided some best practice items for FIs to consider in their Incident Response Plans. But with increasing attention on this subject, I think it is necessary that we revisit a couple of established incident response standards and acknowledge a new best practice.