On December 3rd, the Texas Bankers Association (TBA), Independent Bankers Association of Texas (IBAT), and SWACHA hosted a cybersecurity event for banking executives, board members, and senior management called “Executive Leadership of Cybersecurity (ELOC)”. At the conference, the Financial Services Information Sharing and Analysis Center (FS-ISAC) announced the availability of a free threat information sharing appliance that financial institutions can use to enter, store, and share threat information. The appliance is called Soltra Edge and the website says it “takes large amounts of complex threat information across communities, people and devices and analyzes, prioritizes, and routes it to users in real-time.”
Here is some initial information:
On October 6, 2014, ISACA launched the Cybersecurity Fundamentals Certificate. The Cybersecurity Fundamentals Certificate is aligned with the Skills Framework for the Information Age (SFIA) and the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It tests for foundational cybersecurity knowledge in five areas:
To see ISACA's press release visit http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACA-Launches-New-Cybersecurity-Certificate.aspx
The Federal Financial Institutions Examination Council (FFIEC) today launched a web page dedicated to cybersecurity (http://www.ffiec.gov/cybersecurity.htm). The website is designed to be "a central repository for current and future FFIEC-related materials on cybersecurity."
As a part of the Press Release announcing the launch of the cybersecurity web page, the FFIEC also noted the launch of the website "coincides with a pilot program at more than 500 community institutions, to be conducted by state and federal regulators, which will be completed during regularly scheduled examinations." According to the press release, the focus of the pilot program will be on:
This month, the New York State Department of Financial Services ("the Department") released results from a survey conducted in 2013 on cyber security. 154 institutions completed the survey, representing 60 community and regional banks, 12 credit unions, and 82 foreign branches and agencies. The survey asked questions regarding information security framework; corporate governance around cyber security; use and frequency of penetration testing and results; budget and costs associated with cyber security; the frequency, nature, cost of, and response to cyber security breaches; and future plans on cyber security.
In conclusion, the Department states:
"As part of its continuing efforts in this area, the Department plans to expand its IT examination procedures to focus more fully on cyber security. The revised examination procedures will include additional questions in the areas of IT management and governance, incident response and event management, access controls, network security, vendor management, and disaster recovery. The revised procedures are intended to take a holistic view of an institution's cyber readiness and will be tailored to reflect each institution's unique risk profile. The Department believes this approach will foster smarter, stronger cyber security programs that reflect the diversity of New York's financial services industry."
This report comes on the heels of the FFIEC webinar, "Executive Leadership of Cybersecurity: What Today's CEO Needs to Know About the Threats They Don't See", in which the FFIEC introduced expectations of new examination procedures.
The full Report on Cyber Security in the Banking Sector by the New York State Department of Financial Services can be found here: http://www.dfs.ny.gov/about/press2014/pr140505_cyber_security.pdf
The Federal Financial Institutions Examination Council (FFIEC) issued statements today notifying financial institutions of the risks associated with cyber-attacks on Automated Teller Machines (ATM) and card authorization systems and the continued distributed denial of service (DDoS) attacks.
To read the Press Release, visit http://www.ffiec.gov/press/pr040214.htm
To view the Joint Statement, Cyber-attacks on Financial Institutions' ATM and Card Authorization Systems, visit http://www.ffiec.gov/press/PDF/FFIEC%20ATM%20Cash-Out%20Statement.pdf
To view the Joint Statement, Distributed Denial-of-Service (DDoS) Cyber-Attacks, Risk Mitigation, and Additional Resources, visit http://www.ffiec.gov/press/PDF/FFIEC%20DDoS%20Joint%20Statement.pdf
Crucial M500 SSDs support self-encrypting drive (SED) technology, which allows BitLocker for Windows 8 to simply be used for encryption key management rather than software-based encryption. Out of the box, the drive encrypts all written data and decrypts all read data, and functions like a non-SED drive until key management software like Windows 8 (and Server 2012) BitLocker is used.
When you turn BitLocker on using Windows 8 and a compliant SSD like the M500, you don't have to wait for the whole disk to be rewritten before it is encrypted. Thus, you can encrypt the whole drive in a couple of minutes or less. As far as BitLocker and Windows are concerned, it functions just like traditional non-SED drives do regarding pre-boot passwords, recovery keys, etc.
An interesting spec: Crucial states their SSDs are designed to support 72TB total bytes written (TBW), which is equal to 40GB per day for 5 years. It stands to reason that if you don't have to rewrite every byte of an SSD when you use BitLocker to encrypt or decrypt the whole drive, it should help the life expectancy of the drive.
So, since the drive I/O specs include the hardware encryption overhead, you lose no performance whatsoever when you implement whole disk encryption using BitLocker for Windows 8 on these drives.
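The check below is an added example, not part of the original post: it reports, per volume, whether BitLocker is managing the drive's own hardware encryption or has fallen back to software encryption. It assumes an elevated PowerShell session with the BitLocker module (Windows 8 / Server 2012 or later), and it assumes the hardware method is reported with a name beginning with "Hardware", which is why it matches on that prefix.

```powershell
# Added example: audit whether BitLocker volumes use SED hardware encryption.
# Run from an elevated PowerShell prompt; requires the BitLocker module.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Cast to string so the comparisons do not depend on the enum type.
    $method = [string]$vol.EncryptionMethod
    $status = [string]$vol.VolumeStatus

    # Assumption: the hardware method's name starts with "Hardware".
    $mode = if ($status -eq 'FullyDecrypted') {
        'Not encrypted'
    } elseif ($method -like 'Hardware*') {
        'Hardware (SED)'
    } else {
        'Software'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Status     = $status
        Protection = [string]$vol.ProtectionStatus
        Method     = $method
        Mode       = $mode
    }
}

$report | Format-Table -AutoSize

# Volumes that are encrypted in software on a machine expected to use an SED
# were likely enabled before the drive was provisioned for hardware encryption.
$software = @($report | Where-Object { $_.Mode -eq 'Software' })
if ($software.Count -gt 0) {
    Write-Warning ("Software encryption in use on: " +
        (($software | ForEach-Object { $_.MountPoint }) -join ', '))
}
```

A volume reported as "Software" still protects its data, but it went through the full-disk rewrite and carries the CPU overhead that the SED path described above avoids.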
A very basic description of Crucial M500 encryption can be found at
More specs are available (since this is a Micron drive) from:
On June 6th, the FFIEC announced the formation of a working group to further promote coordination across the federal and state banking regulatory agencies on critical infrastructure and cybersecurity issues. To read the Press Release, visit http://www.ffiec.gov/press/pr060613.htm