MADISON, Wis. (12/31/15)--A new white paper from the CUNA Technology Council addresses the challenges of information technology (IT) risk management.
“IT Risk Management” posited that enterprise security has been focused on people and products: Firewalls and intrusion prevention systems protected the perimeter, and antivirus software provided extra protection on the inside.
However, as new technology is implemented, operational processes increase significantly for IT staff, as do the risks to which the credit union is exposed.
Credit unions also need to stay current with new regulatory requirements and a constantly changing security threat landscape.
When focusing on IT risk management, the paper said, it is important to start with the basic objectives and have a clear focus of what will be accomplished. Solid IT risk management also supports enterprise risk management and contributes directly to the credit union’s strategic goals and objectives.
“I am like a traffic cop who offers guidance to the IT team” said Matt Fagala, information security officer, Vantage CU, Bridgeton, Mo. “My position was created in response to the increased number of attempted attacks we were seeing on our firewall, and also the number of spear-phishing attempts.”
Fagala said the credit union took a proactive approach to risk management by developing a security awareness training program to educate employees and members.
“There is no such thing as a ‘turn-key’ IT risk management solution,” the paper said. “It is a systematic process of determining what the credit union has and how to protect it.”
CUNA Council members are eligible to receive complimentary copies of this white paper, available alongside hundreds of other white papers at www.cunacouncils.org.