Between April and May of 2011, a number of financial institution regulators issued alerts to their respective regulated institutions and technology-related service providers, reiterating the need to sufficiently protect and secure bank and customer information. Institutions were reminded that most security breaches result from internal failures to maintain controls against unauthorized access to electronic data or systems. Given the increasing sophistication of the tools and techniques used to infiltrate banking systems, the regulators highlighted the importance of proper risk assessments to evaluate information security programs in order to prevent and detect security breaches.
The releases specifically reference recommendations made by the National Security Agency in its Information Assurance Advisory dated March 28, 2011, in the U.S. Computer Emergency Readiness Team’s Early Warning and Indicator Notice 11-077-01A Update, as well as in previously issued FFIEC guidance. Copies of the releases may be found at the following links: www.occ.treas.gov/news-issuances/alerts/2011/alert-2011-4a.pdf (OCC); http://www.ots.treas.gov/_files/25383.pdf (OTS); www.ncua.gov/Resources/RegulatoryAlerts/Files/2011/11-RA-03.docx (NCUA).