Dawn Yankeelov, a cyber policy leader in Kentucky, speaks to the changing landscape for banking cybersecurity policy for a SecuretheVillage workgroup in the summer of 2021.
Shaping Your Future in Banking Cybersecurity (Dawn Yankeelov)
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
Securing Fintech: Threats, Challenges & Best Practices (Ulf Mattsson)
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
- Current trends in cyber attacks
- FFIEC Cybersecurity Assessment Tool
- NIST Cybersecurity Framework principles
- Security metrics
- Oversight of third parties
- How to measure cybersecurity preparedness
- Automated approaches to integrate security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity. He invented Protegrity Vaultless Tokenization and Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT architecture and security, and received a US Green Card of class "EB 11, Individual of Extraordinary Ability" after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of encryption, policy-driven data encryption, internal threat protection, data usage control and intrusion prevention.
Dodd-Frank's Impact on Regulatory Reporting (HEXANIKA)
We previously analyzed how Dodd-Frank and the new regulations have impacted large banks as well as midsize and small banks. This time, we look at how a law meant to address one issue (avoiding a financial meltdown similar to 2008) may have created other challenges for banks, the most important one being regulatory reporting.
Legal issues of domain names & trademarks (Matt Siltala)
- 2011 saw a rise in data security breaches and states passing laws requiring companies to notify customers of breaches and implement reasonable security measures like encryption.
- States like Massachusetts, Nevada, Washington and Minnesota have passed laws regarding encryption, payment card data storage, and reimbursing banks for costs after breaches.
- The SEC issued guidance for public companies to disclose cybersecurity risks and incidents that could materially impact their business.
- The Mobile Marketing Association published mobile app privacy policy guidelines around what user data is collected and how it is used.
Digital Asset Transfer Authority BitLicense comment letter (21 10-14) (DataSecretariat)
This letter from DATA (Digital Asset Transfer Authority) provides comments on New York's proposed BitLicense regulations. It argues that 1) the scope of regulated activities is too broad and would stifle innovation, 2) the new AML requirements pose serious privacy issues and require untenable data collection, and 3) the regulations should be revised to address these concerns and balance consumer protection with allowing new technologies to develop. The letter provides background on DATA and the digital currency industry's efforts toward self-regulation, and encourages NYDFS to revise the regulations to be more risk-based and avoid overregulation that could discourage new technologies.
What Financial Institution Cyber Regs Tell the Infrastructure Sector (CBIZ, Inc.)
Information security risk is a threat for every business, but it's particularly disruptive to the nation's infrastructure systems. Infrastructure companies should monitor how mandatory rules play out for financial institutions. If the regulatory efforts are successful in reducing the number of financial institution cyber incidents, state and federal regulators may turn their attention to other industries.
This document summarizes an article from The Corporate Governance Advisor on tools for boards to oversee cybersecurity risk. It discusses the business impacts and litigation/regulatory risks of cyber attacks. It outlines how boards have an oversight duty to ensure proper information and reporting systems exist to manage cybersecurity risk. The document provides examples of cybersecurity disclosure from companies like Target and Home Depot. It discusses SEC guidance on cybersecurity disclosure and notes boards must exercise oversight in good faith to avoid liability for failures.
Web and Social Media Archiving: A Growing Necessity For the Financial Industry (PageFreezer)
Financial firms, investment advisors, and others in the financial industry must employ good retention practices to remain compliant with rules from FINRA, SEC, and other regulators. The emerging solution to retaining perfect copies of online activity is web archiving. Social media should be archived too! This paper examines the necessity and benefits of archiving, and presents effective solutions.
This document provides a report on internet banking that was prepared by a working group established by the Reserve Bank of India.
The 9 chapter report examines the risks, technology/security standards, legal issues, and regulatory concerns regarding internet banking. It provides an overview of international experiences with internet banking, the current Indian scenario, and makes recommendations.
Key areas discussed include the different types of risks posed by internet banking; recommended technology and security standards; identifying gaps in existing legal/regulatory frameworks; supervisory and operational issues for banks; and the impact of internet banking on monetary policy and clearing/settlement systems. The report analyzes these issues through the lens of the distinctive features of internet banking and aims to provide guidance for
Regulators on the Move: Recent Treasury and Comptroller Actions: How They Af... (Winston & Strawn LLP)
This document summarizes recent regulatory actions and initiatives that affect financial institutions and their boards of directors. It discusses a Treasury report on nonbank financial companies and fintech, the OCC's announcement allowing fintech companies to apply for national bank charters, the BCFP's participation in an international fintech regulatory cooperation group, and other related developments. The actions reflect a changing landscape with increasing fintech competition and opportunities for banks through partnerships with innovative companies. Banks will need to carefully navigate the uncertainties of these overlapping and possibly conflicting regulatory initiatives.
Cyber ANPR Regulatory Alert - October 2016 (Ben-Ari Boukai)
The document outlines enhanced cybersecurity risk management standards proposed by US financial services regulators. It would apply stringent requirements to large financial institutions and third-party service providers. Key aspects include: requiring robust cyber risk governance including board oversight; comprehensive cyber risk management strategies addressing internal and external risks; prioritizing systems critical to the financial sector; and taking an enterprise-wide, three lines of defense approach to cybersecurity. If implemented, the proposals would constitute the most demanding cybersecurity standards for major US financial firms to date.
This document discusses key financial regulations and trends, and how technology can help financial institutions comply with regulatory reporting requirements. It outlines several major regulations including FATCA, Dodd Frank Act, Basel III, FINRA, AML, KYC, and MiFID. For each regulation, it provides high-level details on requirements and highlights. It also discusses challenges of regulatory compliance and how technology can help with tasks like data management, analytics, reporting automation and process consolidation to improve regulatory reporting.
This document provides an overview of data privacy issues and insurance coverage options. It discusses the foundations for privacy concerns, types of data breaches and their costs, applicable privacy laws, hypothetical breach scenarios and potential resulting losses. It then outlines various insurance options that could apply, including first party coverage for breach response costs, third party coverage for privacy claims, network security policies, and cyber extortion coverage. Finally, it notes some common exclusions around system failures, employee acts, operations, and independent contractors.
The document discusses the financial revolution driven by digitization, disaggregation, and decentralization. It summarizes that fintech startups are using new technologies like APIs, cloud services, and algorithms to build faster and offer more user-friendly interfaces, while traditional banks still handle the underlying financial infrastructure. This has created a relationship of "frenemies" between fintech startups and incumbents. The revolution is opening up financial services to more consumers while also introducing new risks from issues like increased complexity and lack of regulation in the new areas.
S26: Techsauce | A New World of FinTech Regulation: What the Future Holds (23... (Kullarat Phongsathaporn)
The document discusses trends in financial technology (FinTech) regulation. It notes that regulators must balance financial stability, consumer protection, and innovation. New technologies are transforming finance but also present risks. The document outlines regulatory challenges from technologies like blockchain, cryptocurrencies, and cloud computing. It predicts regulators will support FinTech through sandboxes and holistic frameworks while addressing issues like cybersecurity, data privacy, and cross-border consistency.
#RegReporting is a tough nut to crack! In his recent blog, Prakash Jalihal writes on why the process has become so complicated and explains how HEXANIKA can streamline Regulatory Reporting for banks using #BigData technology:
The Rise of FinTech_ How Is It Revolutionizing The Future of Finance_.pdf (Anil)
The evolution of FinTech (Financial Technology) drastically transformed the way traditional financial institutions, insurers and banks, functioned. To thrive, global companies, retailers, and large tech giants realized the need to reinvent the value chain of financial services.
Blockchain would be the most likely and viable solution to Anti-Money Laundering problems. Banking, financial and non-financial industries, along with regulators, can benefit from this technology.
What's new with Cybersecurity in Singapore? (Abraham Vergis)
This document discusses cybersecurity issues in Singapore and the new Cybersecurity Bill. It summarizes recent major cyber attacks like WannaCry that disrupted companies and government services. The bill aims to regulate critical infrastructure, empower the Cyber Security Agency of Singapore to respond to threats, facilitate sharing of cybersecurity information, and license cybersecurity service providers. The bill establishes baseline standards for protecting information that law firms must exceed due to risks of hackers interfering with confidential international dispute information.
Review of alternative delivery channels (ADCs) in the banking sector, from ATMs to social media. Consideration of operational, legal and regulatory risks for "grown up" financial services institutions adopting social media channels. Analysis of social media regulation and guidance: FFIEC (USA) and FCA (UK).
This document discusses the concept of "Fintech 2.0" and the opportunities for collaboration between banks and fintech startups. It argues that fintech startups have succeeded in certain areas by developing more user-friendly and cost-effective digital products, but to realize their full potential will need to work more closely with banks who provide access to data, distribution networks, and regulatory expertise. The document outlines several areas where fintech innovation could transform banking, such as using internet of things data, smart data analytics, distributed ledgers, and reducing friction in processes like mortgages and savings. The overall premise is that banks and fintechs should collaborate to mutual benefit, with each providing what the other currently lacks.
The FinTech 2.0 Paper: rebooting financial services (Edwin Soares)
This document discusses the potential for collaboration between banks and financial technology startups (fintechs) to realize "Fintech 2.0". It argues that fintechs have succeeded in certain areas like payments and lending by having fewer regulations, lower costs, and a more digital focus than banks. However, to fundamentally change banking, fintechs must work with banks which have advantages like existing customers, brands, and regulatory expertise. The document outlines opportunities for collaboration between banks and fintechs in areas like using data from the Internet of Things, analyzing "smart data", implementing distributed ledger technology, and creating frictionless processes. It concludes that both banks and fintechs will benefit most from cooperation rather than competition to realize the
Not Prepared for Hacks
U.S. News & World Report Weekly.
(May 30, 2014):
From Educators Reference Complete.
Copyright:
COPYRIGHT 2014 U.S. News and World Report, L.P.. All rights reserved.
http://www.usnews.com/
Full Text:
Data breaches are up and businesses aren't ready to deal with them
By Tom Risen
Hacking increased so much this past year that approximately half of U.S. adults had their information stolen and less than half of U.S. companies have taken enough precautions to protect consumer data, according to two studies released this week.

Recent months have been filled with reports about hackers stealing credit card data, online account passwords and other personal information from consumers. These included data breaches of networks at retailers like Target and Michaels, along with the Heartbleed security bug that made software vulnerable to spying and online theft. Last week, in one of the latest major security incidents, eBay urged its users to change their passwords "because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data."

Approximately 110 million people, or 47 percent of adults, in the United States have had their personal information exposed by such attacks, according to a new study from CNNMoney and cybersecurity research firm the Ponemon Institute. Attacks will likely become more frequent as Internet and mobile device use grows, the report cautioned.

To make matters worse, companies are lagging behind trying to protect themselves, according to PricewaterhouseCoopers' 2014 U.S. State of Cybercrime Survey published Wednesday. Less than half of companies in the survey took necessary steps to protect themselves. Only 38 percent prioritized security investments based on the risks to their businesses, and only 31 percent have a security strategy for the rapidly growing mobile sector.

Businesses are unprepared in part because of poor cybersecurity training at colleges, says Alan Paller, co-chair of the U.S. Department of Homeland Security's Task Force on CyberSkills, which advises how to train cybersecurity professionals. Security training was not provided for new employees at 54 percent of the businesses in the PricewaterhouseCoopers survey. "Colleges are creating people who can tell you about security but they cannot fix the system," says Paller, founder of the SANS Institute cybersecurity training organization.

Many cybersecurity specialists with practical computer expertise "are not coming out of academia," Paller adds. Rather, "they are a lot of self ...
This public policy session on the activities of the Technology Association of Louisville Kentucky (TALK) was presented in June 2022 at the TALK Cyber Security Summit in Louisville, KY.
A conversation on guidance and liabilities regarding reopening KY with Frost Brown Todd Attorney Victor Beckman and the Technology Association of Louisville KY's Executive Director Dawn Yankeelov.
Similar to A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
DHS Cybersecurity Services for Building Cyber Resilience (Dawn Yankeelov)
DHS Cybersecurity Analyst details the US Department of Homeland Security Services for all businesses to build cyber resilience at the Technology Association of Louisville's CyberSecurity Summit on June 14, 2019.
Cyber Security Threats Facing Small Businesses--June 2019 (Dawn Yankeelov)
This presentation was made by Cloudnexus Founder Jay Rollins at the Technology Association of Louisville Kentucky's Cybersecurity Summit on June 14, 2019.
This presentation was given by Security Analyst Josh Chou from Cybereason on June 14, 2019 at the Technology Association of Louisville Kentucky's Cybersecurity Summit.
Cyber Security Resilience from Metro Louisville Govt. (Dawn Yankeelov)
Metro Louisville's Chief Security Officer James Meece spoke at the Technology Association of Louisville Kentucky's CyberSecurity Summit 2019 in June on Cyber Resilience.
Legal Issues in Data Privacy and Security: Response Readiness Before the Breach (Dawn Yankeelov)
The document summarizes legal issues related to data privacy and security breaches. It discusses (1) the relevant cost-benefit analysis that courts consider for data security, (2) examples of court orders regarding document productions and computer forensics in litigation, and (3) that parties are responsible for errors made by their vendors. The document then provides an agenda on legal issues in data privacy and security, including anticipating threats, incident response, and applying relevant laws and frameworks.
"How You Can Participate in TALK's KY Cybersecurity Enclave for Regional and National Attack Views & Reporting," Phil Bond, CEO of CyberUSA, with Q&A, including Dawn Yankeelov, Executive Director, TALK.
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En... (Dawn Yankeelov)
"Understanding Cyber Industrial Controls in the Manufacturing and Utilities Environment," By Dr. John Naber, Co-Founder & Partner in True Secure SCADA, which is KY-based and holds 2 key patents in this area. This was given at the TALK Cybersecurity Summit 2018 in Louisville, KY.
Kentucky's Cyber Engineering Pathway for Teens By Scott U'Sellis (Dawn Yankeelov)
These slides by Scott U'Sellis of the Kentucky Department of Education, Office of Career and Technical Education, were presented at Techfest Louisville 2017 hosted by the Technology Association of Louisville Kentucky.
This presentation was made on PSST's approach to building the company at Techfest Louisville 2017, hosted by the Technology Association of Louisville Kentucky.
Entrepreneur John Wiliamson presented RCM Brain: AI Bots in Healthcare at Techfest Louisville 2017 hosted by TALK, the Technology Association of Louisville Kentucky.
Cybersecurity Trends & Startups by Gula Tech Adventures (Dawn Yankeelov)
This presentation was made by Cybersecurity Expert and Investor Ron Gula at Techfest Louisville 2017, hosted by TALK, the Technology Association of Louisville Kentucky.
Derek Rush of LBMC Information Security presented at Techfest Louisville 2017, which was hosted by the Technology Association of Louisville Kentucky (TALK).
Blockchain: An Explanation by Frost, Brown & Todd Attorneys (Dawn Yankeelov)
Blackline Advisory Group ran the panel discussion on Blockchain at the Techfest Louisville 2017 event hosted by TALK, the Technology Association of Louisville Kentucky.
"NATO Hackathon Winner: AI-Powered Drug Search", Taras KlobaFwdays
Ā
This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application.
In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy.
We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
Essentials of Automations: Exploring Attributes & Automation Parameters (Safe Software)
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as "keys"). In fact, it's unlikely you'll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they'll also be making use of the Split-Merge Block functionality.
You'll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
What is an RPA CoE? Session 2 - CoE Roles (DianaGray10)
In this session, we will review the players involved in the CoE and how each role impacts opportunities.
Topics covered:
• What roles are essential?
• What place in the automation journey does each role play?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
The Microsoft 365 Migration Tutorial For Beginner.pptx (operationspcvita)
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx (Sunil Jagani)
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
Session 1 - Intro to Robotic Process Automation.pdf (UiPathCommunity)
Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
From Natural Language to Structured Solr Queries using LLMs (Sease)
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or "cognitive" gap) remains between the data user needs and the data producer constraints.
That is where AI, and most importantly Natural Language Processing and Large Language Model techniques, could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index's metadata.
This approach leverages the LLM's ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
MySQL InnoDB Storage Engine: Deep Dive - Mydbops (Mydbops)
This presentation, titled "MySQL - InnoDB" and delivered by Mayank Prasad at the Mydbops Open Source Database Meetup 16 on June 8th, 2024, covers dynamic configuration of REDO logs and instant ADD/DROP columns in InnoDB.
This presentation dives deep into the world of InnoDB, exploring two ground-breaking features introduced in MySQL 8.0:
• Dynamic Configuration of REDO Logs: Enhance your database's performance and flexibility with on-the-fly adjustments to REDO log capacity. Unleash the power of the snake metaphor to visualize how InnoDB manages REDO log files.
• Instant ADD/DROP Columns: Say goodbye to costly table rebuilds! This presentation unveils how InnoDB now enables seamless addition and removal of columns without compromising data integrity or incurring downtime.
Key Learnings:
• Grasp the concept of REDO logs and their significance in InnoDB's transaction management.
• Discover the advantages of dynamic REDO log configuration and how to leverage it for optimal performance.
• Understand the inner workings of instant ADD/DROP columns and their impact on database operations.
• Gain valuable insights into the row versioning mechanism that empowers instant column modifications.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc... (DanBrown980551)
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy's Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors (DianaGray10)
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We'll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
A Look At Evolving Cybersecurity Policy for Financial Institutions 2021
1. A Look At Evolving Cybersecurity Policy
for Financial Institutions
Dawn Yankeelov, President, Aspectx &
Executive Director, Technology Association of
Louisville Kentucky
July 16, 2021
2. Looking Back to 2016…
Statistics May Not Surprise You
• Cybercrime Jumped to the Most Reported Economic Crime in PWC's Global Economic Crime Survey in 2016.
• The US Commercial Bank with the lowest security posture was one of the top 10 largest financial service organizations in the US by revenue.
• Only one of the top 10 largest banks, Bank of America, received an overall "A" grade in the PWC Security Scorecard.
• Nearly 1 out of 5 financial institutions used an email service provider in 2016 with severe security vulnerabilities.
• Best performing in IT Security in 2016: Goldman Sachs, Exchange Bank, BNP Paribas Fortis, and Banco Popolare
--PricewaterhouseCoopers Scorecard 2016
3. Big Banks Are Paying Attention
2021 - The financial services industry faced unprecedented cybersecurity costs and ... New legislation is on the horizon in several states…
At a Congressional hearing in May this year, the chief executives of Wall Street's six largest banks were asked to name the greatest threat to their companies and the wider financial system. They did not mention the global pandemic, climate change or factors that contributed to the 2008 financial crisis. The most popular answer instead was "cybersecurity." - NYT, July 3, 2021
4. Manpower: On It in IT
JPMorgan Chase alone spends about $600 million each year on cybersecurity efforts and has "more than 3,000 employees" working on the issue in some way.
July 8, 2021 1:23 PM EDT Finance
Morgan Stanley faces data breach,
corporate client info stolen in vendor hack
The bank said attackers accessed information by exploiting a vulnerability in the vendor's
server, Accellion FTA. While the exposure was patched within five days, the attackers obtained
a decryption key even though the files were encrypted.
5. U.S. Cyberspace Solarium Commission Puts Financial Sector at Top of Critical Infrastructure
Solarium.gov
6. Public Policy: New Standards
Coming
ā¢ More Information-Sharing In Your Future
ā¢ More Protections for Personal Information
• More Players Onboard with "Ideas" from NIST to State Finance-Specific boards, to ABA to the Federal Reserve Board, the Office of the Comptroller of the Currency and the Financial Institutions Examination Council.
ā¢ New York Leading the Way
ā¢ State Governors Pushing
ā¢ Mega-Bank Group Has Formed
ā¢ A Push to Adherence to Federal Guidelines
ā¢ More and More Risk Management
ā¢ Training for Staff
8. Social Engineering Fears
Predominate
According to CSI recent survey data, the overwhelming majority (81%) of bankers view social engineering as the greatest cybersecurity threat in 2021.
• Customer-targeted phishing: The topmost cybersecurity threat identified by bankers was social engineering aimed at customers via phishing (34%). This coincides with recent reports of large-scale email impersonation attacks, pretending to be from the recipient's personal bank and trying to trick them into providing sensitive information about their accounts.
• Employee-targeted phishing: Almost as many bankers (32%) are most worried about phishing aimed at internal targets that let attackers into internal systems. This concern is well-founded. Employees working from home and burdened by new financial and family challenges due to the pandemic are ripe targets for cybercriminals.
9. Anticipation… Implications to Follow
The Financial Stability Board (FSB) has published responses to its consultation on regulatory and supervisory issues relating to outsourcing and third-party relationships.
Recommended:
• the development of global standards on outsourcing and third-party risk management;
• the adoption of consistent definitions and terminology;
• pooled audits, certificates and reports.
A rise in the use of mobile finance apps was noticed by two other parties: hackers and regulators. Hackers increased attacks intended to steal personal information or cardholder data, while regulators became increasingly concerned with financial data security compliance.
The developers of financial services apps need to ensure data security compliance to operate in various markets, reassure their customers that they are handling their data with care, and importantly, reduce risk and exposure associated with regulatory censure.
--https://securityboulevard.com/2021/02/top-2021-banking-and-fintech-security-regulations/
10. Global Legislation Impacts… Anti-Money Laundering, Cybersecurity Requirements, etc.
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
Canada's anti-money laundering legislation introduced significant changes in June 2021. The expanded ruleset will change how politically-exposed persons are reported on, and will bring cryptocurrencies under the remit of reporting obligations.
One of the most significant of these changes is that foreign Money Services
Businesses (MSBs), which had not previously been obligated to report
under the FINTRAC legislation, will now do so. This will significantly
increase reporting obligations and associated risks for foreign fintech firms
operating in the Canadian market.
--https://www.fintrac-canafe.gc.ca/covid19/flexible-measures-eng
11. Mobile Apps Under Surveillance
Financial data security compliance is critical for all fintech and mobile banking
app developers for a number of reasons, including:
• Reducing costs of data breaches
• Avoiding regulatory fines
• Maintaining customer trust and loyalty
• Capacity to operate in multiple jurisdictions
--https://www.intertrust.com/blog/top-2021-banking-and-fintech-security-regulations/
12. Ante Upped--Financial Data
Security Compliance
California Consumer Privacy Act (CCPA)
--The new changes introduced to the CCPA on January 1 will demand
data compliance. It will also widen the net.
The act's core provisions already grant consumers the rights to access
held about them, demand its deletion, and opt-out from future
these only previously applied to "for-profit" businesses, such as those
in excess of $25 million.
For finance and mobile banking developers doing business in
layer of financial data security compliance that they need to fulfill.
--https://www.jdsupra.com/legalnews/ab-713-ccpa-requirements-take-effect-42027/
13. Critical Infrastructure & Supply
Chain Language in Legislation
The Cyber Incident Notification Act of 2021 places its primary focus on the federal supply chain.
However, the CINA expands this coverage to "covered entities" that includes owners and operators of critical infrastructure.
The full definition of covered entities has not been drafted yet, and the bill tasks the Cybersecurity & Infrastructure Security Agency (CISA) with drafting a definition that will include "at a minimum, Federal contractors, owners or operators of critical infrastructure, and nongovernmental entities that provide cybersecurity incident response services."
--https://www.agileit.com/news/cyber-incident-notification-act/
--Led by Mark Warner, Senate Intelligence Chair, Marco Rubio, and Susan Collins
14. 36-Hour Data Breach Reporting
Rules for Significant Incidents
Specifically, the Proposed Rule would require banking organizations to notify their primary federal regulators within 36 hours of becoming aware of a "computer-security incident" that rises to the level of a "notification incident." In addition to covering incidents involving unauthorized access to customer information, it would apply to some events where data was rendered temporarily unavailable, such as ransomware and distributed denial-of-service attacks.
The rule would also require bank service providers to notify "at least two individuals" at an affected banking organization-customer immediately after experiencing a computer-security incident that it believes "in good faith could disrupt, degrade, or impair services provided for four or more hours." A 36-hour deadline appears to be one of the most rigorous timeframes of any U.S. breach reporting scheme.
--Banking Law Committee Journal, April 28, 2021
15. The Circle Widens… Proposed Banking Cyber-Incident Notification Rules Could Apply to Fintech Players
The rule was issued Jan. 12, 2021, by the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (FDIC). The rule's comment period concluded April 12.
Three Key Takeaways
1. Fintechs should confirm whether their existing banking organization clients have
designated them as bank service providers under the BSCA.
2. Fintechs should review existing commercial agreements and standard forms to
incorporate provisions requiring a banking organization client to notify the fintech should
the client designate the fintech as a bank service company.
3. Fintechs (and their banking organization clients) should proactively ensure that these
agreements and forms also adequately provide for notification procedures (including
timing and contact information) to facilitate compliance with the proposed rules.
--https://www.jonesday.com/en/insights/2021/01/fintech-proposed-banking-cyberincident-notification-rules-could-apply-to-you-too
--https://www.reedsmith.com/en/perspectives/2021/04/proposed-rule-would-require-faster-reporting-of-cyber-incidents-by-banks
16. American Bankers Association
Weighs in
--https://www.fdic.gov/resources/regulations/federal-register-publications/2021/2021-computer-security-incident-notification-3064-af59-c-016.pdf
A common source of concern is the misperception that the Proposal intends to replace existing notice requirements with a short, fixed, prescriptive timeline. There also is concern that the Proposal is overbroad, and would create burdensome overreporting contrary to the spirit of its articulated intent to provide "early awareness" of severe and operationally debilitating occurrences. This concern lies in the belief that the Proposal as written would attach prescriptive mandatory reporting to an array of events, both the actual, materially harmful and extraordinary, as well as the merely possible or mundane. In practice, this would compel banks to overreport nondisruptive events to their primary federal regulator as well as use limited resources to review voluminous overreports from bank service providers.
...there remains cautious concern as to how the Proposal will be implemented and enforced.
17. FinCEN announces eight areas of focus and advises preparation for
issuance of new regulations
On June 30, 2021, the U.S. Department of Treasury's Financial Crimes Enforcement Network ("FinCEN") issued the first government-wide priorities for anti-money laundering ("AML") and countering the financing of terrorism ("CFT") policy (the "Priorities").
FinCEN has not yet issued the regulations governing how the Priorities must be incorporated into Covered Institutions' AML programs.
Cybercrime, including Relevant Cybersecurity and Virtual Currency Considerations:
FinCEN states that it is particularly concerned about three types of cybercrime: (1) cyber-enabled financial crime, such as phishing campaigns or other fraudulent schemes against financial institutions; (2) ransomware attacks; and (3) "the misuse of virtual assets that exploits and undermines their innovative potential, including through laundering of illicit proceeds." FinCEN notes that it issued an advisory in 2016 describing the typologies and red flags related to cybercrime to assist Covered Institutions' compliance and cybersecurity units.
--https://www.jdsupra.com/legalnews/fincen-issues-anti-money-laundering-and-3281702/
18. So What About the States…
• All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted security breach notification laws that require businesses or governments to notify consumers or citizens if their personal information is breached.
• Lawmakers continue to review existing laws, however. At least 22 states introduced or considered measures in 2021 that would amend existing security breach laws. Bills were enacted in three states (Georgia, North Dakota and Utah) so far in 2021.
19. Summary of Legislation
The most common trends in legislation this year include proposals that would:
• Establish or shorten the time frame within which an entity must report a breach.
• Require state or local government entities to report data breaches.
• Provide an affirmative defense for entities that had reasonable security practices in place at the time of a breach.
• Expand definitions of "personal information" (e.g., to include biometric information, health information, etc.).
• Require private sector entities to report breaches to the state attorney general or other state entity.
--https://www.ncsl.org/research/telecommunications-and-information-technology/2021-security-breach-legislation.aspx
20. State Cybersecurity Safe Harbor
Legislation
2021 has already been a big year for state cybersecurity
safe harbor legislation.
--Two states, Utah and Connecticut, have recently enacted or introduced a breach litigation safe
harbor to incentivize businesses to protect personal information by adopting industry-
recognized cybersecurity frameworks such as the National Institute of Standards and
Technology's (NIST) Cybersecurity Framework and the Center for Internet Security's (CIS)
Critical Security Controls.
--In March 2021, Utah became the second state, after Ohio, to adopt a cybersecurity safe harbor
statute for businesses impacted by a data breach. Specifically, an entity that "creates, maintains, and
reasonably complies" with a written cybersecurity program modeled after one of several named
cybersecurity frameworks may have an affirmative defense to certain claims if the program is in
place at the time it experiences a breach of its system security.
--"Breach of system security" is defined under the law to mean an unauthorized acquisition of
computerized data maintained by a person that compromises the security, confidentiality, or integrity
of personal information.
--https://www.mondaq.com/unitedstates/security/1067364/2021-developments-in-state-cybersecurity-safe-harbor-laws
21. Vendor Management
--Effective vendor management (for both compliance and certainty) requires
more than a sales demonstration.
--It requires a thorough analysis of vendor financials, SOC reports, security,
and confidentiality.
--Having legal counsel review vendor contracts for regulatory compliance and
effective security can provide significant assurances that the chosen vendors
are protecting customer assets and minimizing legal exposure.
--https://www.fmjlaw.com/financial-institutions-banks-cybersecurity-2021/
22. Vendor Management
With virtual banking replacing the retail branch, financial institutions are not
immune from this phenomenon, despite the sensitivity of data under their
management. They are faced with the challenge of finding a WFH environment
that is as safe and secure as an in-office environment.
To reach that goal, financial institutions will need to revisit, update and
implement stronger technology policies into their employee handbooks.
Those policies should incorporate not only cyber protection but also
institutional protection for potential employee breaches.
--https://www.fmjlaw.com/financial-institutions-banks-cybersecurity-2021/
23. Vendor Management
To summarize, it is important to take inventory of (1) vendor agreements, (2) privacy policies, (3) employee technology policies, and (4) incident response plans.
--Analyze those relative to regulatory and insurance requirements and determine what steps need to be made for maximum protection.
--https://www.fmjlaw.com/financial-institutions-banks-cybersecurity-2021/
24. Resources
https://www.fdic.gov/resources/bankers/information-technology/
• Cybersecurity
  o FFIEC Cybersecurity Assessment Tool assists institutions with identifying cybersecurity risks and determining preparedness
  o Frequently Asked Questions provide information related to the FFIEC Cybersecurity Assessment Tool
• Technology Outsourcing: Informational Tools for Community Bankers provides resources for selecting service providers, drafting contract terms, and providing oversight for multiple service providers
• FDIC Technical Assistance Videos
  o Cybersecurity Awareness, a video series designed to assist bank directors with understanding cybersecurity risks and related risk management programs
  o Cyber Challenge: A Community Bank Cyber Exercise designed to encourage community financial institutions to discuss operational risk issues and the potential impact of information technology disruptions on common banking functions
25. Voluntary Resource Opportunity
On June 30, 2015, the Federal Financial Institutions
Examination Council (FFIEC), on behalf of its members,
issued a Cybersecurity Assessment Tool (Assessment)
that financial institutions may use to evaluate their risks
and cybersecurity preparedness.
Noted for Community Banks as incorporating NIST
Framework ideas, the FFIEC Information Technology
Examination Handbook, and others.
https://www.ffiec.gov/pdf/cybersecurity/FFIEC_CAT%20FAQs.pdf
26. FFIEC Cyber Tool Link
https://www.ffiec.gov/cyberassessmenttool.htm
27. Board Level Resources
The 2020 Edition of the NACD Director's Handbook on
Cyber-Risk Oversight
(National Association of Corporate Directors)
The Handbook was the first non-government resource to be
featured on the U.S. Department of Homeland Security's US-CERT C3 Voluntary Program website.
(United States Computer Emergency Readiness Team)
Links:
https://www.nacdonline.org/insights/publications.cfm?ItemNumber=67298
28. STAKEHOLDER ENGAGEMENT AND CYBER
INFRASTRUCTURE RESILIENCE
The Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division within
Cybersecurity and Infrastructure Security Agency (CISA) streamlines strategic outreach to
government and industry partners, by leveraging capabilities, information and intelligence, and
subject matter experts in order to meet stakeholder requirements. SECIR programs and initiatives
build public, private and international partnerships and capacity for resilience across the Nation's
critical infrastructure and the cybersecurity community. For more information, email
SECIRFrontOffice@hq.dhs.gov.
Vision
An engaged and informed customer base driven to achieve a resilient and secure cyber space
ecosystem.
Mission
• Initiate and sustain strategic Critical Infrastructure (CI) & State, Local, Tribal and Territorial (SLTT)
partnerships to develop approaches for longer-term cyber risk management.
• Engage SLTT and CI partners to implement comprehensive but specific cyber preparedness and
protective activities
• Perform outreach and education activities and advocate for DHS cyber capabilities
29. Cybersecurity & The Public Trust
Equation
But resilience against a cyber run doesn't preclude damage to the economy, Mr.
Duffie and Mr. Younger noted. Financial markets, probably more than any other
critical infrastructure except elections, require public trust to operate. This can
quickly erode, even if an attack isn't widespread.
Darrell Duffie, a professor at Stanford's business school, examined the potential
impact of a "cyber run" in a paper published with Joshua Younger, a managing
director at JPMorgan.
--https://www.nytimes.com/2021/07/03/business/dealbook/hacking-wall-street.html
30. Self-Assessment from BECTF
Bankers Electronic Crimes Task Force (BECTF) with state
bank regulators & US Secret Service: Ransomware
Self-Assessment Tool
https://www.csbs.org/sites/default/files/2020-10/R-SAT_0.pdf
31. Around the World: Less Prep
"In terms of cyber maturity, Latin America still needs significant
advances. The recent OECD study, Digital Security Risk Management,
highlights that only three of the 21 countries in Latin America have a
defined national digital security strategy, indicating that the region is not
yet sufficiently prepared. This is largely due to gaps in legal and
regulatory structures. Other aspects that corroborate the criticality of the
situation involve the limited investment in cybersecurity technology and
the deficit of talent in cybersecurity." -- Homero Valiatti has been working at Itaú
Unibanco since 2018 and is currently Information Security Superintendent. In this role, Homero is
responsible for the evolution of the institution's cybersecurity.
33. Reality of Compliance: Test,
Test, Not Just Annually
One-quarter of the organizations who do execute testing
usually uncover problems or gaps, which begs the question:
how many untested environments are operating with glitches?
--Peak 10 data study
34. Get Involved: Public Policy
• Participate in organizations like CompTIA
• Join Your Local Technology Council: 60+ Across the US
• Give Comments During Comment Periods for Banking
Regulation
• Participate at the State Level in local fusion centers and other
Cybersecurity Centers of Excellence at Universities and New
Initiatives
• Attend Fly-ins to DC
• Follow proposed banking legislation
• NIST Cyber Working Groups
35. At the Office: Cyber Workforce
Gap
Every year in the U.S. there are 128,000 openings for
Information Security Analysts, but only 88,000 workers
currently employed in those positions, a talent shortfall of
40,000 workers for cybersecurity's largest job.
http://cyberseek.org/heatmap.html
36. Federal Partners in Cyber
NIST -- National Institute of Standards and Technology
NIST is the federal technology agency that works with industry to
develop and apply technology, measurements, and standards.
NICE -- The National Initiative for Cybersecurity
Education
NICERC now Cyber.org -- Cyber Literacy Curriculum,
Computer Science Curriculum, STEM Curriculum, and Teacher
Resources from National Integrated Cyber Education Research.
37. A Banking Cybersecurity Profile to Enhance and
Simplify Your Risk Assessment
DOWNLOAD CRI CYBERSECURITY PROFILE V1.1,
NOVEMBER 12, 2020
The CRI Cyber Profile v1.1 includes:
1. User Guide,
2. Mappings to National Association of Insurance
Commissioners (NAIC) IT handbook,
3. V.1.1 Frequently Asked Questions (FAQ),
4. Summary of v1.1 updates and revisions,
5. Mapping to NIST Cyber Security Framework (CSF),
and
6. Mapping between NIST CSF/ISO IEC 27001
• The Roadmap Forward
• Impact Tiering Questionnaire
• Industry Press Release: CRI Cyber Profile v1.1, November 12, 2020
38. Explanation of Banking
Cybersecurity Profile
The banking industry saw a need for a more harmonized approach to
cybersecurity that supports strong oversight while conserving talent and
resources, and ensuring safety and soundness. The Financial Services Sector
Cybersecurity Profile acts as a shared baseline for examination across
federal regulators, in a way that makes the most sense for the individual
institution.
• developed by the Financial Services Sector Coordinating Council (global, regional,
midsize and community banks, along with representatives from other key agencies)
• designed to deploy resources more effectively
• reduces time spent on reconciling exam issues
• integrates widely used standards and supervisory expectations
• complements the NIST cybersecurity framework
39. Back in the Spotlight: Financial Services Sector Coordinating Council
40. For the Bank Teller:
In Walks Awareness Training
• Your biggest security risk works in-house
• Empower your workforce to reduce that risk
• 95% of all security breaches involve human error
42. Final Takeaways
• Make Data Driven Decisions
• Take a Proactive Stance
• Take a Broad View of Risk Management
• Have Governance and Designate a CISO role
• Strengthen Cyber Practices Around Compliance
• Test, Test and Mitigate
• Be Willing to Collaborate with Peers and Industry
• Attend to the Human Factor Internally: Train and Develop
Workforce
44. Aspectx
Your Communications and Public Policy Firm
Competitive Intelligence & Industry Analysis * Public Policy * Joint Application Design * Marketing * Public Relations &
Social Media * Business Development * Web Development & Content Marketing
Founder and President Dawn Yankeelov
www.aspectx.com
dawny@aspectx.com Twitter: @dawnyaspectx 502-292-2351
TALK: Technology Association of Louisville Kentucky
www.talklou.com
And TECNA www.tecna.org @talklou