The challenge with getting ready for your NCUA IT exam

by: Robin Remines

According to the January NCUA Report, “In 2015, NCUA will redouble its efforts to ensure that the credit union system is adequately protected from cyber threats. Field staff will be reviewing credit unions’ ability to manage information security, including their capacity to detect cyber-attacks and perform sound due diligence with regard to any third-parties that handle credit union data.”

And if that’s not enough to get your blood pressure up, the report emphasizes that cyber security is among the three supervisory priorities for 2015 (interest rate risk and BSA Compliance are the other two).

And to keep it interesting – NCUA will also be focusing on credit unions’ ability to recovery from a security breach – in other words – where is your Incident Response Program?

It is clear that NCUA isn’t taking cyber risks lightly. And while the attention is warranted, credit union CIO’s are left without specific guidelines on what specifically “adequately protected” means. This reminds me of when I was a VP/IT at a credit union and NCUA required a pandemic plan.  We all knew we needed a plan yet were left wondering if our efforts would really be effective if that scenario was played out.

continue reading »