Security Compliance Associates (SCA) will conduct an evaluation of your institution's arrangements with third parties that process, maintain, or are granted access to non-public information. The process will review whether the third-party service provider's business processes include appropriate physical, administrative and technical safeguards to protect non-public information against unauthorized access or use.
SCA will review the measures a service provider takes to protect non-public information and, when appropriate, the controls the service provider has in place to ensure that any subcontractor it uses employs appropriate security measures.
Due diligence will include, as appropriate:
- A background evaluation consisting of verification of recent references appropriate to the job the service provider proposes to perform
- A check of local Better Business Bureau complaint files
- A check of Federal Trade Commission complaint files
- A review of the company's years of experience and an evaluation of the qualifications of its key employees
- A review of the service provider's insurance and bonding coverage, including errors, omissions, property, casualty, information losses, dishonesty or fraud
Review of your contracts with service providers will determine if the contracts contain:
- Acceptable confidentiality and non-disclosure provisions
- A requirement that the third-party service provider comply with all applicable state and federal privacy and information security laws and regulations
- A requirement that the service provider take appropriate action to address incidents of unauthorized access to the institution's member or customer information
- A requirement that the service provider disclose breaches in security resulting in unauthorized access to non-public information or to systems where the information is maintained
Microsoft yesterday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."
Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server. While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators.
Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.
The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.
Morgan Stanley Smith Barney is the latest company behind Sony and Epsilon to have its customers' personal data compromised.
A gang that made more than $72m (£45m) peddling fake security software has been shut down in a series of raids.