Blog
Prevalent-Blog-Logo

Why Discovery Automation (with NEW CloudID) Is Important to Your Third-Party Risk Program.

One of the areas that our clients often complain about is not knowing who their third-party service providers, cloud vendors, and software providers are.  This creates a significant gap in their third-party risk efforts because it is possible that there are providers with access to sensitive data not being appropriately assessed and monitored from a cybersecurity perspective.

Read More

Prevalent-Blog-Logo

The FFIEC issued its general findings from an assessment of over 500 community based financial institutions this summer. In its November 3rd   press release1, the FFIEC discussed the growing need for tighter cybersecurity measures and indicated that it was already in the process of reviewing and updating the existing guidelines for managing cybersecurity risk.

Read More

Prevalent-Blog-Logo

In reviewing recent security incidents at several New York City banks, an article in the October 21st New York Times1 focused on an ever recurring theme – the need to closely scrutinize how well a financial institution’s vendors provide IT security to protect access to data and systems.  While the theme itself isn’t new, the article revealed that the Treasury Department is now engaged in a “sweeping effort”1 to require banks to increase their procedures for determining if vendors are adequately protecting their data and access to their systems.

Read More

Prevalent-Blog-Logo

It’s the 21st century – your cyber-security assessments cannot afford the “one and done” approach of yesterday.

Modern information systems, comprised in large part by computer networks, contain a myriad of intertwined technologies – databases, applications, networking devices, web services and email just to name a few. All of these technologies are provided by diverse platforms at various release levels. Throw human users with varying roles and privileges into the mix and the resulting level of complexity makes an effective information security program an imposing challenge. Businesses are feeling the pressure of meeting the needs for global connectivity, e-commerce transactions, and online business-to-business communications while maintaining security programs to protect their information assets. Privileged account control, patch management, configuration management, and data backup are some of the hurdles to be cleared.

Read More