Q. Are the program and the customized incident response plan reviewed by the bank examiners? A. Yes. In fact, one of the last banks that went through the program presented the plan, and it was favorably received by the examiners.
Q. What does the entire service cost (insurance review, legal review, communications review, technical review, and customized incident response plan)? A. $5,000, plus any necessary, reasonable travel expenses.
Q. What is the value of the CBIR Program, if accessed outside the CBW? A. If a bank outsourced each element of the program (Legal, Insurance, PR, IT), the cost would be significantly more than $5,000. A tailored incident response plan alone typically costs substantially more than $5,000.
Q. What does the insurance review involve? A. Each insurance contract will be different. The CBIR insurance expert will look at both the cyber and the bond components of an insurance policy. In many cases a review of the professional liability components will also be necessary. Additionally, the CBIR team will review the limits, the policy terms and conditions, as well as the endorsements. In addition, the bank’s policy may have specific exclusions, or conditions precedent in order to trigger coverage—all of which will be reviewed.
Q. What does the legal review involve? A. The legal review is provided from both an information security and a regulatory perspective. It will involve a review of current online threats affecting banks, and a review of consumer and regulatory notification obligations in the event of a breach. It also involves a step-by-step review of the incident response process.
Q. What does the technical review involve? A. A thorough review of the bank’s IT processes and vulnerabilities, and an information security incident table-top test.
Q. What does the crisis communication review involve? A. A comprehensive review of the bank’s existing crisis plan (if available), followed by the development of a crisis task force to ensure the right team is assembled to promptly address incidents.
Q. What is contained in the customized incident response plan? A. The CBIR Plan is mapped to a framework established by the National Institute of Standards and Technology, and involves four major breach response phases: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity. The CBIR Plan includes incident response policies and procedures, an incident response checklist, a communications plan, evidence collection guidelines, legal and regulatory incident response guidelines, external communication guidelines, and an information technology incident notification form.