Tabletop exercises are often labeled as pain points and seen as just another “to do” item on the compliance checklist. Yet, if done well, they can be a huge value-add to your organization’s resilience.
This article will give six simple steps to conduct an effective tabletop exercise.
On June 3, 2024, the Securities and Exchange Commission (SEC) published a final rule titled Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information. The rule amends 17 CFR Part 248 and enhances the SEC’s cybersecurity and incident response requirements.
Businesses are expected to put their business continuity and incident response plans to the test. But what does that mean exactly? If the whole concept of exercises and tests is a bit murky, you’ve come to the right place. In this article, we’ll answer some frequently asked questions.
A look at the CISA's proposed rule in the Federal Register titled Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements.
On November 13, 2023, the Federal Trade Commission published a Final Rule in the Federal Register updating the Safeguards Rule. The rule includes changes to the incident notification requirements for financial institutions.
On Tuesday, October 24, 2023, regulators published an updated version of the Ransomware Self-Assessment Tool (R-SAT). In this blog, we’ll discuss what the R-SAT is, what got updated, and what you need to do about it.
Let’s understand the OCC's new cybersecurity supervision work program more clearly by looking at five things we think community banks should know about the new exam procedures.
This article looks at the NCUA's Cyber Incident Notification Rule, including the final rule's development, key details, and required actions for credit unions.
This article is an introduction to the new requirements released by Freddie Mac, as well as a summary of what’s new, what’s changed, and what you may need to do about it.
This article will tell you what you can expect in your 2023 exam and take you through a bit of the history of each acronym.
In this article, we discuss how exactly to determine which incidents must be reported to your federal regulator, per the legal definition.
