MADISON, Wis. (6/16/15)--CUNA Technology Council has released a blueprint in the form of a white paper on how credit unions can prepare for cybersecurity compliance exams.
Called “Cybersecurity Compliance: Preparation and Protection,” the paper outlines the critical information a credit union needs to prepare itself, including:
The paper calls on a number of credit union professionals who have gone through the cybersecurity exam to provide insight based on their experiences.
For example, Laura Thompson, senior vice president/chief information officer, Orange County’s CU, Santa Ana, Calif., provided insight into what examiners may focus on when visiting a credit union.
For two days, “we spent about four to five hours logging into our various security system portals,” Thompson said in the paper. “The examiner wanted to see how our options were set in each of these systems and who the users were. He wanted to know if logs from the various systems were correlated and reviewed for anomalies.”
Added David Glod, vice president of information security at Mountain America CU, West Jordan, Utah: “To better prepare for your next NCUA Cybersecurity exam, evaluate where you are in your cybersecurity stance, compare it to an industry accepted standard, and take a risk-based approach to remediating vulnerabilities.”