Pub. 3 2013-2014 Issue 6

OVER A CENTURY: BUILDING BETTER BANKS - HELPING COLORADANS REALIZE DREAMS

FEATURE ARTICLE

Your Next Exam: What’s New Since Last Year?

STEPHANIE CHAUMONT, CISA, CISSP, SECURITY+

Regulatory agencies have been busy this year! This seems to be the year of FILs, OCC Bulletins, and FFIEC documents. Some that came out earlier than that are also seeing an increase in attention. Make sure these areas of information security are addressed in your program (or are at least on your radar) before your next exam:

• Social Media – The FFIEC released final guidance on social media risk management expectations in December, 2013. To be clear, banks with more social media presence will obviously have more work to do, but even if you’re not using social media sites, you still have a few new requirements. The purpose of the guidance is to let you know you need a social media risk management program. The first step would be assessing your risk level surrounding social media and then to determine what your institution should do regarding the other risk management components listed in the FFIEC’s guidance. Those include things like employee training, social media monitoring, policies/procedures for social media use, board reporting, etc.

• Account Takeover (ATO/CATO) – Since the release of the FFIEC’s Supplement to Authentication in an Internet Banking Environment, several state banking