There was a time in my career as the VP/IT at a large credit unionwhere each time a new“threat” came outI was asked to write a policy or find a technology to mitigate the threat.First came internet threats so we get a firewall, then came virus/Trojans so we bought anti-virus software and later came data leaks so we purchased data loss prevention tools (DLP).The acronyms are as endless as the number of tools/strategies credit union’s have protecting the infrastructure – DMZ, IDS, IPS, etc. When it comes to IT Security strategies, its my opinion that this can expose your credit union to unnecessary threats/risks.Not so much because they won’t get the job done – there is just too much to keep a strong handle (monitoring, patching, etc.) on at all times!
At a recent Ongoing Operations Client Advisory board meeting several of our Credit Union CTO/CIO’s mentioned the challenges they were having maintaining and meeting NCUA compliance. One $500m credit union mentioned that despite a largeTechnology team, they were spending 8
