Credit Unions and Credit Union Services Organizations (CUSOs) have unique regulatory requirements and face threats that impact their businesses. While many financial institutions and financial service providers outsource components of their operations, this does not relieve them of the responsibility for data protection and integrity. As such, SAVANTURE has worked with leading government agencies and providers to deliver security services and supplemental consulting services that help Credit Unions and CUSOs reduce their risk of cybersecurity compromise and meet regulatory requirements.
Real Security for Credit Unions and Credit Union Services Organizations (CUSO).
SAVANTURE and Verto & Associates have teamed up to provide custom solutions that meet the industry and regulatory needs of Credit Unions and Credit Union Services Organizations (CUSOs), addressing both regulatory requirements and cybersecurity threats.
Regulatory requirements call for:
Continuous Security Monitoring
- enabled by a combination of technology, processes and personnel. SAVANTURE provides:
Collection, Management and Retention of system logs (Syslog)
- for event analysis, trending and forensics. This is enabled primarily through technology. SAVANTURE provides:
- Log Management Service (LMS)
Continuous vulnerability and threat awareness
- for awareness of vulnerabilities and misconfigurations within your environment. This is enabled primarily through personnel, technology and processes.
- for compensating for the weaknesses associated with static usernames and passwords. This is enabled primarily through technology and processes. SAVANTURE provides:
Policy Management and Risk Management
Interpretive Ruling and Policy Statements (IRPS)
Information Technology (IT), including e-Commerce, has several applicable regulatory Rules and Regulations. This guidance is intended to assist credit unions with the planning, implementation and evaluation of IT operations and initiatives.
Examination of Independent Credit Union Service Centers (46 Fed. Reg. 44421; Sept. 4, 1981)
Applicable Rules and Regulations:
| Rules and Regulations | Date Issued | Title and Description |
|---|---|---|
| 12 CFR Part 748 | 04/14/2005 | Security Program and Appendix B – Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice. |
| 12 CFR Part 740 | 9/19/2002 | Accuracy of Advertising and Notice of Insured Status – Addresses the adequacy of notification regarding the availability of federal share insurance when using the Internet to engage in transactions. |
| 12 CFR Part 721 | 7/26/2001 | Federal Credit Union Incidental Powers Activities – Identifies activities deemed to be within the incidental powers of a federal credit union. Electronic Financial Services and Stored Value Products are addressed. |
| 12 CFR Part 748 | 1/18/2001 | Security Program and Appendix A – Guidelines for Safeguarding Member Information |
| 12 CFR Part 716 | 6/5/2000 | Privacy of Consumer Financial Information |
| 12 CFR Parts 716 and 741 | 5/8/2000 | Privacy of Consumer Financial Information; Requirements for Insurance |
Other Reference Material
In 2014, the Federal Financial Institutions Examination Council (FFIEC) and 500 community financial institutions piloted a cybersecurity examination work program. The resulting document does a good job of outlining observed risk, inherent problems within the industry, and potential areas of improvement. It can be accessed at http://www.ffiec.gov/press/PDF/FFIEC_Cybersecurity_Assessment_Observations.pdf.
- Launched in 1999, FS-ISAC was established by the financial services sector in response to 1998’s Presidential Directive 63. That directive – later updated by 2003’s Homeland Security Presidential Directive 7 – mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure.
- The Federal Financial Institutions Examination Council (FFIEC) recommends that financial institutions participate in the Financial Services Information Sharing and Analysis Center (FS-ISAC).
InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.