READ TIME: 10 minutes
WHO IT'S FOR: IT, Cybersecurity, and GRC stakeholders at small banks or organizations who service banks (such as FinTech, FinServe, or otherwise “finance-adjacent” companies).
WHAT'S IN IT: A detailed look at the May 2022 joint ruling by the Federal Deposit Insurance Corporation (FDIC), Federal Reserve Banks (FRB), and Office of the Comptroller of the Currency (OCC) called the Computer Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.
We delve deeply into the requirements of the regulation, the types of breaches that would warrant notification, what this means for the three lines of defense, and how Managed Detection and Response can help, especially when it comes to the new 36-hour breach notification requirement.
HOW IT HELPS: This asset provides details specific to the ruling that banks and finance-adjacent companies can use to understand whether they’re prepared. It frames the changes in relation to a defense framework that financials are familiar with (the Three Lines of Defense), and how Managed Detection and Response helps at each stage.