Risk Alerts
Risk Alerts provides the latest risk guidance, best practices, upcoming webinars, resources, and information related to organizations in the financial services industry. Receive weekly updates, with a summary of only the most relevant announcements from almost 30 organizations, including regulators, standard-setting agencies, and third-party experts. The list below includes risk alerts from the past month:
NSA Publishes Guidance for Strengthening AI System Security
The National Security Agency (NSA) is releasing a Cybersecurity Information Sheet (CSI), “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.” The CSI is intended to support National Security System owners and Defense Industrial Base companies that will be deploying and operating AI systems designed and developed by an external entity. “AI brings unprecedented opportunity, but also can present opportunities for malicious activity. NSA is uniquely positioned to provide cybersecurity guidance, AI expertise, and advanced threat analysis,” said NSA Cybersecurity Director Dave Luber. While intended for national security purposes, the guidance has application for anyone bringing AI capabilities into a managed environment, especially those in high-threat, high-value environments. It builds upon the previously released Guidelines for Secure AI System Development and Engaging with Artificial Intelligence.
Issue Date: 4/15/2024
NSA Issues Guidance for Maturing Data Security
The National Security Agency (NSA) is issuing guidance for maturing data security and protecting access to data at rest and in transit. The recommendations in the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Data Pillar,” are intended to ensure only those with authorization can access data. The capabilities outlined in the CSI integrate into a comprehensive Zero Trust (ZT) Framework. Since releasing the “Embracing a Zero Trust Security Model” Cybersecurity Information Sheet in February 2021, NSA has continued to release updates and related products that provide guidance on how to adopt a ZT mindset to secure systems. The seven pillars of ZT architecture are as follows: user, device, network/environment, applications and workload, visibility and analytics, automation and orchestration, and data. This CSI recognizes the value of the data pillar and how its capabilities mitigate risk, including the use of encryption, tagging and labeling, data loss prevention strategies, and application of data rights management tools.
Issue Date: 4/9/2024
Cybercriminals use ChatGPT’s prompts as weapons
Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. However, as the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications. Organizations grapple with questions about data privacy, content moderation, and potential misuse. Cybersecurity experts discuss various aspects of ChatGPT and its implications for cybersecurity.
Issue Date: 3/25/2024
20 essential open-source cybersecurity tools that save you time
The article lists 20 essential open-source cybersecurity tools, freely available to developers looking for practical solutions to many problems, one of which is saving time.
Issue Date: 3/25/2024
Adobe and Microsoft partner to bring new generative AI capabilities to marketers as they work in Microsoft 365 applications
The FDIC’s Risk Management Manual of Examination Policies (RMS Manual) was updated. Section 15.1 – Formal Administrative Actions: Updates to Section 15.1 include clarification of aspects of Sections 8, 38, and 39 of the Federal Deposit Insurance Act, referencing the community bank leverage ratio, and other technical edits. A link to the updated section, which is 13 pages in length, has been provided in this alert.
Issue Date: 3/18/2024
The FDIC’s Risk Management Manual of Examination Policies (RMS Manual) was updated. Section 15.1 – Formal Administrative Actions: Updates to Section 15.1 include clarification of aspects of Sections 8, 38, and 39 of the Federal Deposit Insurance Act, referencing the community bank leverage ratio, and other technical edits. A link to the updated section, which is 13 pages in length, has been provided in this alert.
Issue Date: 3/6/2024
Agencies Monitored:
- National Institute of Standards and Technology (NIST)
- SysAdmin, Audit, Network, and Security (SANS) Institute
- International Organization for Standardization (ISO)
- Cybersecurity & Infrastructure Security Agency (CISA)
- National Cyber-Forensics and Training Alliance (NCFTA)
- Federal Financial Institutions Examination Council (FFIEC)
- Cybersecurity Dive
- White House Communications (Executive Orders)