Traina Thoughts

We regularly share tidbits of information pertaining to the efficient use of technology, securing technology, the changing workplace and workforce and other thoughts that can help you improve your professional and/or personal life.

FDIC IT Exam Update

July 1, 2016July 1, 2016 Amy Bucklin

The FDIC has updated their IT Examination procedures. On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions. The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place. Contine reading →

Ransomware: Malware in its cruelest form

May 20, 2016June 17, 2016 Amy Bucklin

Ransomware is another type of malware, but this one carries a bit of a sting. Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s. Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box. Ransomware has been the headline for 2016. If infected with this malware, access to your system will be limited until a ransom is paid. Contine reading →

FFIEC: Mobile Financial Services

May 6, 2016June 22, 2016 Amy Bucklin

The FFIEC recently updated the IT Examination HandBook – Retail Payment Systems. The new information can be found in Appendix E “Mobile Financial Services”. Mobile financial services are growing in popularity and are radically changing how consumers pay for goods and services. Convenience is key; however, that means new threats and risks are introduced into a consumer’s life. Contine reading →

Verizon Data Breach Investigations Report 2016

April 29, 2016June 21, 2016 Amy Bucklin

It’s that time of the year again!

Verizon released its Data Breach Investigations Report for 2016. For those of you not familiar with the report, Verizon collects and analyzes data from real world security incidents and breaches. The current report analyzes over 100,000 incidents that occurred in 2015. It is in no way all inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape. Contine reading →

Cybersecurity Awareness Month – Industry Teleconference

October 29, 2015November 3, 2015 Amy Bucklin

I hope everyone enjoyed October’s Cybersecurity Awareness Month as much as I did. To end the month, the FDIC held an industry teleconference on October 28^th. The teleconference included updates on the cybersecurity landscape, cybersecurity assessment tool (CAT) and information sharing with a brief Q&A that followed. Contine reading →

Cybersecurity Assessment Tool: An Update

October 8, 2015November 3, 2015 Amy Bucklin

The FFIEC issued a tool in June of this year to aid financial institutions (FI) in identifying and mitigating cyber risks. The verdict is still out on whether or not this tool is a requirement, highly recommended or completely optional. Upon first look at this tool in PDF format, it can appear confusing and cumbersome. So let’s first break down the pieces of the CAT and then I’ll explain how Traina & Associates can help you with your CAT if you choose to implement this at your FI. Contine reading →

Beware of Email

May 19, 2015May 19, 2015 Amy Bucklin

If you’re like me, on some days, email seems to be your primary form of communication. I’m not proud of that, but it’s the truth. Second to email would be our internal instant messaging system. With all of this electronic communication, I abide by the golden rule of never exchanging any confidential or sensitive information via email or instant message. Why? EMAIL IS TOO RISKY!

Contine reading →

FFIEC Checklist – Destructive Malware and Cyber Attacks

May 7, 2015May 12, 2015 Amy Bucklin

The FFIEC (Federal Financial Institutions Examination Council) released two statements regarding two critical threats, destructive malware and cyber attacks to obtain compromised credentials. These statements do not serve as new guidance or regulatory expectations; however, they identify specific controls to mitigate the risks related to malware and cyber attacks.
Contine reading →

Phishing: Biggest Threat for Healthcare in 2015?

April 30, 2015February 1, 2017 Amy Bucklin

Surely we still cannot be falling victim to phishing emails! If you look at the latest breaches in the health care industry, you will quickly see that this is exactly what is happening. In the breach aftermath, most of these breaches are deemed as “sophisticated attacks,” but we can’t possibly be categorizing phishing as “sophisticated” now, right?
Contine reading →

The 3 D’s of Managing Your Inbox: Delete, Delegate, or Deal With It

April 23, 2015May 12, 2015 Amy Bucklin

Everyone is familiar with the feeling of looking at your inbox and seeing about 40 unread messages that arrived while you were away at a meeting or other engagement. A massive number of emails in your inbox is a stress producer. I have three tips to help reduce that stress.
Contine reading →

Welcome

April 21, 2015May 12, 2015 Amy Bucklin

Welcome to my blog and thanks for reading. I’ll regularly share tidbits of information pertaining to the efficient use of technology, securing technology, the changing workplace and workforce and other thoughts that can help you improve your professional and personal use of technology. If you are like me, you are alarmed any time you read the news and see a headline of a new breach or vulnerability. Here we’ll dissect the latest data breaches and also discuss the current vulnerabilities you need to be aware of.
Contine reading →