
Jennifer Roland-Vlach

Recent Posts

Heightened Cybersecurity Risk: What You Need to Know

Posted by Jennifer Roland-Vlach

Wed, Mar 18, 2020 @ 10:13 AM

On January 16 of this year, the FDIC and OCC issued the Joint Statement on Heightened Cybersecurity Risk. This Statement came amid increased geopolitical tensions between the U.S. and Iran and was an effort to bring awareness to the potential of a cyber attack and how financial institutions (FIs) should prepare themselves. The Statement does not provide any new information, but rather emphasizes standards previously outlined in the Interagency Guidelines Establishing Information Security Standards and FFIEC resources. The Statement reminds FIs that adhering to previously recommended principles and risk mitigation strategies will help to reduce the risk of a successful cyber attack. The Statement highlights areas on which FIs should focus their attention – response and resilience capabilities, authentication, and system configuration. Let’s explore each of these sections in a bit more detail.


Topics: Cybersecurity

The Team Approach to Cybersecurity

Posted by Jennifer Roland-Vlach

Wed, Jan 16, 2019 @ 11:00 AM

The FFIEC’s Cybersecurity Assessment Tool (CAT) is crucial for compliance, and the IT Regulatory Compliance group always likes to cover it. Since the 2015 release of the CAT, I have noticed a trend that I believe is worth sharing. I have spoken with financial institutions (FIs) that have recently experienced personnel changes – such as new Network Administrators or new Information Security Officers. I like to ask if the new contact knows that the CAT has been updated, and often the answer is no. Or, as is often the case with the shuffle of personnel, the new hire does not know where to even find the most recent CAT, much less know whether it has been updated.


Topics: Compliance, Cybersecurity

2 Big Changes That Will Impact Your Vendor Management

Posted by Jennifer Roland-Vlach

Wed, Jun 28, 2017 @ 11:45 AM

Vendor management has always been a key part of financial institution (FI) compliance and risk management efforts. And recently, FIs have witnessed the importance of proper vendor management begin to receive even more emphasis. One area in particular that is contributing to this emphasis is the Statement on Standards for Attestation Engagements (SSAE) No. 18 (SSAE 18) report. That’s right, SSAE 18, not 16. Effective May 1st, 2017, the SSAE 18 became the new standard report for vendors to provide to financial institutions.

Now, in my opinion, there has not been a lot of hype regarding this change. At least not like what we saw when the SAS70 report became the SSAE 16. The reason for this is due largely to the fact that the SSAE 18 does not appear to be drastically different from the SSAE 16. Which is definitely good news for community FIs.

While the changes between the SSAE 16 and 18 will not completely change an FI’s approach to vendor management, there are some changes that will impact the due diligence efforts of FIs, especially in regard to more critical vendors.


Topics: Financial Service Industry Research, Compliance

The New Reality of Incident Response Plans

Posted by Jennifer Roland-Vlach

Wed, Jan 04, 2017 @ 11:15 AM

You may have noticed 2016 was quite the busy year for IT regulatory compliance. OK, that’s probably a bit of an understatement.

Last year saw the release of Appendix E on Mobile Financial Services, the new InTrex exam format, the updated Information Security Handbook, and the promise of more to come in 2017. With this plethora of information being directed at financial institutions (FIs), I wanted to take this opportunity to highlight one particular factor that is already coming under examiner scrutiny: incident response. I have written about incident response a couple of times in the past. In fact, in my previous blog I provided some best practice items for FIs to consider in their Incident Response Plans. But with increasing attention on this subject, I think it is necessary we revisit a couple of established incident response standards and acknowledge a new best practice.


Topics: Data Management, Risk/Fraud

Compliance, the Missing Piece to a Managed IT Service Puzzle

Posted by Jennifer Roland-Vlach

Wed, Feb 05, 2014 @ 07:46 AM

Author: Jenny Roland-Vlach, JRoland-Vlach@jackhenry.com

As IT environments are becoming increasingly complex, more community financial institutions are looking to outsource monitoring and management of some or all of their IT infrastructure. As anyone who has ever been part of a new product or service implementation knows, there are times when certain items seem to fall off the radar. Of course, this does not always happen intentionally. Given the complexity of implementing new products and services, especially a managed IT service, it is likely that steps to address risk/compliance will either be overlooked or postponed to be dealt with at a more convenient time.


Topics: Archive
