Tuesday, February 17, 2015

Cybersecurity...


Cyber-security: Wac*A*Mole
... a constant struggle.
Cyber-security, hacking, and breaches are now everyday issues of concern in the world of credit unions - and rightfully so.  System security failures are costly in terms of time, resources, member inconvenience, and organizational credibility.  

 Member trust is achieved only with great difficulty, and can now be lost in a cyber-second.

 Regulatory agencies have taken note of the heightened risks of disruption and fraud.  We are sure to see greater scrutiny and increasing regulations in this area.  NCUA has used the rising cyber-threat to justify its request to Congress for authority to "supervise" all CU third-party vendors.  NCUA would like to apply its cyber-security expertise to third-party credit union IT providers in particular.
Government Affairs Conference 2014
In fact Chair Matz had the following to say about the topic at last year's CUNA Government Affairs Conference (GAC):

 "You may be surprised to know, you are not the only ones who get examined on important information-security measures.  Like other government agencies, NCUA must adhere to strict security standards."

 "Every year NCUA's Inspector General oversees an audit of our information technology controls and security procedures.  NCUA has security measures in place to protect your members' information.  To log in, examiners use secure government smart cards and both their hard drives and thumb drives are encrypted."   - Chair Matz, GAC - 2014,  Washington, D.C.

 Wasn't quite sure how to reconcile that clear affirmation from the Chair about "your member's information" and "thumb drives are encrypted" with this little story:  Palm Springs FCU Members Get The Shaft.



 NCUA's proposed solution to this "self-hack"?  Was to propose a regulation to require credit unions to encrypt credit union thumb drives!: It's Never Our Fault!
Let's add this up:

 1) Chair Matz says NCUA has great IT security procedures.
2) NCUA would like to apply that expertise to 3rd-party CU data processors.
3) NCUA self-hacks ( and doesn't admit it in a timely fashion).
4) NCUA proposes additional regulation on CU's to resolve NCUA's internal security lapse.
How does this sound to you? How would you rate NCUA's logic, actions and statements?


a) True 
b) False
c) A bit absurd
d) Definitely a larry !
Posted by at
Labels: ,

3 comments:

Anonymous said...

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Feb 17, 2015, 8:51:00 AM
Anonymous said...

Chairman Matz once asked how do you spell relief?
Answer: Bye bye.

Feb 17, 2015, 9:40:00 AM
Anonymous said...

It's clear there is no logic to the actions NCUA takes nor the statements the Queen makes.

Feb 17, 2015, 11:17:00 AM

Post a Comment

Subscribe to: Post Comments (Atom)