Bugcrowd’s Chief Information & Security Officer Nick McKenzie discusses the top cybersecurity challenges facing financial institutions.

As a more encompassing and modern approach that extends not only governance, risk and compliance capabilities but also Integrated Risk Management and Enterprise Risk Management, digital risk management provides new tools and techniques risk professionals can interweave into operations and technology with unprecedented detail to strengthening the enterprise.

The Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (collectively, the agencies) issued an interagency paper titled “Sound Practices to Strengthen Operational Resilience.” The sound practices paper generally describes standards for operational resilience set forth in the agencies’ existing rules and guidance for domestic banking organizations that have average total consolidated assets greater than or equal to (1) $250 billion or (2) $100 billion and have $75 billion or more in average cross-jurisdictional activity, average weighted short-term wholesale funding, average nonbank assets, or average off-balance-sheet exposure.

Authentic8 released the results of its 2020 Global Financial Crimes Survey, conducted in partnership with the Association of Certified Financial Crime Specialists (ACFCS).

Synopsys, Inc. published BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), created to help organizations plan, execute, measure, and improve their software security initiatives (SSIs). BSIMM11 reflects the software security practices observed across 130 firms from multiple industry verticals including financial services, FinTech, independent software vendors, cloud, health care, Internet of Things, insurance, and retail.

In the lead-up to the 2020 US elections, the nonpartisan global technology association ISACA surveyed more than 3,000 IT governance, risk, security and audit professionals in the US in January and again in July.

Oyster Consulting announced that Ed Wegener has joined the firm as a Managing Director with the Governance, Risk and Compliance team. Ed brings a deep knowledge of compliance, risk management and supervisory controls requirements and best practices for broker-dealers and alternative trading systems. 

ISACA's new COBIT guidance builds upon best practices shared for the governance and management of information and technology aimed at the whole enterprise through the lens of information security, and details additional metrics and activities that should be considered when implementing or assessing COBIT in the context of information security.