Pub. 4 2014-2015 Issue 3

OVER A CENTURY: BUILDING BETTER BANKS - HELPING COLORADANS REALIZE DREAMS

November • December 2014

ments most financial institutions’ existing Gramm-Leach-Bliley based Information Security Programs: Identify (Risk Assessments), Protect (Controls), Detect (Logging/Monitoring), Respond (Incident Response Plans) and Recover (Business Continuity and Disaster Recovery Plans).

Framework Profiles are used to define how the Framework Core is applied based on the organization’s needs (regulatory requirements, risk management priorities, sector goals, etc.). Profiles can be used to define the current state of an organization’s risk management processes or to define the organization’s goals. Evaluating the difference between the organization’s current state and target state will highlight the areas that need the most attention.

Framework Tiers are used to judge the maturity of an institution’s cybersecurity program. There are four Tiers, each providing a maturity index based on an organization’s risk management process, program and external participation. To summarize the four Tiers:

• Tier 1 – Partial: No formalized risk management processes with a limited awareness of cybersecurity risks at the organizational level. Very little to no external collaboration with other entities.

• Tier 2 – Risk Informed: Risk management processes are approved by management, but not necessarily formalized as organization-wide policies. Discussions regarding cybersecurity are often informal. External participation has not been formalized.

• Tier 3 – Repeatable: Risk management processes are formally approved and documented as organizational policies. Regular reviews of the cybersecurity practices are performed, resulting in updates based on business needs and changing threat landscapes. Well-defined risk management processes result in consistent and effective responses to changes in risk. The organization receives information from its partners that aids in making risk management decisions.

• Tier 4 – Adaptive: Risk management processes allow the organization to actively adapt to changes in risk and threat landscapes. Cybersecurity has become part of the organization’s culture. The organization shares information with partners to ensure accurate information is being used to improve cybersecurity.

As stated before, most members of the financial sector have done a good job at implementing a cybersecurity program as part of their GLBA Information Security Program. The Framework should be viewed as a complement to existing information or cybersecurity programs and not a replacement or new requirement. The Framework Tiers provide financial institutions with an effective method to evaluate the maturity of existing programs, and the Framework Profiles act as a great tool to illustrate any gaps that may exist.

Craig Schurr is a Security and Compliance Consultant for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem – a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. Visit our website at www.conetrix.com.
