FDIC IT Exam Update

The FDIC has updated their IT Examination procedures.  On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions.  The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place.

Ransomware: Malware in its cruelest form

Ransomware is another type of malware, but this one carries a bit of a sting.  Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s.  Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box.  Ransomware has been the headline for 2016.  If infected with this malware, access to your system will be limited until a ransom is paid.

FFIEC: Mobile Financial Services

The FFIEC recently updated the IT Examination Handbook – Retail Payment Systems.  The new information can be found in Appendix E, “Mobile Financial Services”.  Mobile financial services are growing in popularity and are radically changing how consumers pay for goods and services.  Convenience is key; however, that means new threats and risks are introduced into a consumer’s life.

Verizon Data Breach Investigations Report 2016

It’s that time of the year again!

Verizon released its Data Breach Investigations Report for 2016.  For those of you not familiar with the report, Verizon collects and analyzes data from real-world security incidents and breaches.  The current report analyzes over 100,000 incidents that occurred in 2015.  It is in no way all-inclusive; however, it is one of the more reputable analysis reports, utilizing a healthy sample of incident and breach data to accurately portray the cyber incident landscape.

Cybersecurity Assessment Tool: An Update

The FFIEC issued a tool in June of this year to aid financial institutions (FI) in identifying and mitigating cyber risks.  The verdict is still out on whether or not this tool is a requirement, highly recommended or completely optional.  Upon first look at this tool in PDF format, it can appear confusing and cumbersome.  So let’s first break down the pieces of the CAT and then I’ll explain how Traina & Associates can help you with your CAT if you choose to implement this at your FI.

Beware of Email

If you’re like me, on some days, email seems to be your primary form of communication.  I’m not proud of that, but it’s the truth.  Second to email would be our internal instant messaging system.  With all of this electronic communication, I abide by the golden rule of never exchanging any confidential or sensitive information via email or instant message.  Why?  EMAIL IS TOO RISKY!



Welcome to my blog and thanks for reading. I’ll regularly share tidbits of information pertaining to the efficient use of technology, securing technology, the changing workplace and workforce and other thoughts that can help you improve your professional and personal use of technology.  If you are like me, you are alarmed any time you read the news and see a headline of a new breach or vulnerability.  Here we’ll dissect the latest data breaches and also discuss the current vulnerabilities you need to be aware of.