Articles

By: (Security+)

Publication: The Community Banker, Winter 2017

The thought of reviewing a financial statement can be scary. While financial statements have similar elements, they are far from standardized and can be complicated to understand. Here are six tips to help simplify the scope of financial statement reviews.

Obtain Financial Statements

The first and easiest step in conducting a successful financial statement review is obtaining the financial statements.

Publicly Traded Companies are required to submit audited financial statements to the Securities and Exchange Commission (SEC) at least annually. The largest and most complex companies submit even more frequently. Often, these financial statements are published online and can be found with a quick web search. I find that searching “[Company Name] Financial Statements” or “[Company Name] Form 10-K” frequently turns up what I need.

By: (Network+, CISA)

Publication: The Nebraska Banker, November/December 2017

From our desktops to our phones, we are a connected society. We check email, social networking sites, news sites, message boards, and a large variety of other websites on a daily basis without thinking about the security implications of having billions of devices connected to countless interconnected servers that are run by people we have never met through an Internet infrastructure that was created without security in mind. While this is scary enough to think of from a personal standpoint, it has even larger implications for businesses that store and transmit confidential company and customer data. There are, however, actions that can be taken to help mitigate some of the security concerns that go hand-in-hand with Internet browsing.

By: (GCIH, GPEN, GWAPT)

Publication: The Kansas Banker, December 2017

It seems that every week a news story appears detailing new hacking activity originating from organized groups with interesting names such as Energetic Bear, Rocket Kitten, Crouching Yeti, Night Dragon and Sad Panda. While these names are colorful, the groups they are associated with are deadly serious. One might think that these groups are interested only in government or military secrets. However, businesses from all sectors are subject to attack. Successful compromises have been detected in areas such as power and water utilities, communications, and in businesses holding personally identifying information. The motivations behind these attack groups are tied to political, commercial, and security needs. When considering this, it becomes obvious that all businesses and many individuals have information that would be valuable to the groups. Making the problem more complex, many organizations do not realize they are compromised until they are notified by an external source, usually law enforcement.

By: (Network+, CISA)

Publication: The Kansas Banker, Oct/Nov 2017

From our desktops to our phones, we are a connected society. We check email, social networking sites, news sites, message boards, and a large variety of other websites on a daily basis without thinking about the security implications of having billions of devices connected to countless interconnected servers that are run by people we have never met through an Internet infrastructure that was created without security in mind. While this is scary enough to think of from a personal standpoint, it has even larger implications for businesses that store and transmit confidential company and customer data. There are, however, actions that can be taken to help mitigate some of the security concerns that go hand-in-hand with Internet browsing.

By: (Security+)

Publication: Nebraska Banker, Sept/Oct 2017

A SOC report is one of the most valuable due diligence documents you can obtain from your vendors. A SOC report describes a vendor’s systems and indicates if those systems are designed to protect you, as a user. While the first step in obtaining a SOC report from your vendor is fairly simple, the second step involves reviewing the report, which requires a bit more effort.

This article will highlight the basics of reviewing a SOC report. SOC reports have fantastic structure. You can find most of the information you need in the brief Independent Service Auditors Report section of the document.

Report Type

By: (GCIH, GPEN, GWAPT)

Publication: The Community Banker, Fall 2017

Recently I took my five-year-old daughter to the doctor for a general wellness check-up and her dreaded kindergarten immunizations. They were the standard immunizations children receive at various points in life. When the nurse was finished, she mentioned that we both needed to get the flu vaccine in a couple of months. I began to think about the flu vaccine. Each fall we hear about it from media, doctors, and pharmacies. The Centers for Disease Control and Prevention website states that the seasonal influenza (flu) vaccine is designed to protect against the three or four influenza viruses research indicates are most likely to spread and cause illness among people during the upcoming flu season. Some years the flu vaccine is very effective since the prediction of flu viruses that would be circulating was right. However, other years the vaccine is not effective at all, resulting in flu outbreaks across the country.

By: (GCIH, GPEN, GWAPT)

Publication: The Colorado Banker, September/October 2017

It seems that every week a news story appears detailing new hacking activity originating from organized groups with interesting names such as Energetic Bear, Rocket Kitten, Crouching Yeti, Night Dragon and Sad Panda. While these names are colorful, the groups they are associated with are deadly serious. One might think that these groups are interested only in government or military secrets. However, businesses from all sectors are subject to attack. Successful compromises have been detected in areas such as power and water utilities, communications, and in businesses holding personal identifying information. The motivations behind these attack groups are tied to political, commercial, and security needs. When considering this, it becomes obvious that all businesses and many individuals have information that would be valuable to the groups. Making the problem more complex, many organizations do not realize they are compromised until they are notified by an external source, usually law enforcement.

By: (Network+, CISA)

Publication: Nebraska Banker, June/August 2017

There was a time, seemingly not so long ago, when business cell phones had clunky keyboards, terrible screens, and limited everyday functionality outside of making calls and checking emails. The introduction of the iPhone in 2007 changed all of that, combining not only the abilities listed above but also a music player to drown out the cubicle noise in the office, simple games to keep a person distracted from actual productivity, and a decent digital camera which enabled users to fill their storage with photos of their food, children, grandchildren, and pets. While these new features were great for the average consumer and led to an increased adoption of smart phones, they created an additional headache for businesses with regard to balancing device security and user data on small, easily lost, and often personally owned devices. Users began wanting access to their business email on these smart phones while still keeping control over the devices themselves. This issue persists to this day, on phones as well as tablets, and it is imperative that controls are in place to ensure company data is kept safe.

By: (CISSP, CISA, Security+)

Publication: The Kansas Banker, July 2017

In the past, the Board has always been expected to make strategic decisions, choosing what was best for the overall success of their institution. For most institutions, these decisions were made with little information or regard to cybersecurity. As threats to our information security evolve, so do examiner expectations for the Board of Directors.

With the release of the FFIEC’s Cybersecurity Assessment Tool in 2015, we saw specific examiner suggestions for improving Board oversight of an institution’s cybersecurity program and posture in their Overview for Chief Executive Officers and Board of Directors. The picture painted throughout all the suggestions provided is that of a Board who understands cyber risks and makes risk-based decisions. That picture may or may not be an overwhelming shift for your institution, but I think for the vast majority of us, there is room for growth in this area. For institutions with a large gap between their current Board oversight of cybersecurity and where they need to be, here are a few things to start with:

By: (ISACA Cybersecurity Fundamentals, CompTIA A+, Security+)

Publication: The Kansas Banker, September 2017

You're standing on the edge and everyone is cheering you on! The waters look deep, blue and promising, far below. As you look around, everyone else seems to be taking the plunge, smart devices gripped tight, right into "Bring Your Own Device."

A step closer to the edge. A faint glint on the water. Is that a fin? Just a dolphin playing in the sun, you decide. You exhale, take a deep breath and then…

"Wait!" a friendly voice cries out as a figure runs frantically in your direction. It’s your auditor!
