Cyber & IT Supervisory Forum - November 2023

Internal Use Only

State Regulator Exam

Your agency has joined a multi-state examination of Acme Mortgage Subservicer in the aftermath of the ransomware attack. The examination is scheduled to be onsite on October 2nd, approximately 120 days after the incident occurred. The exam will evaluate the company's response to the incident and assess the implementation of safeguards to protect against future attacks. In addition, the exam team will review compliance with state (and federal) laws regarding data breach incidents.


Discussion Questions

1. Before going onsite, what documents and pieces of information would you request? Is there anything additional you would request once you arrived onsite?
2. What questions would you ask the company about their incident response plan?
3. What questions would you ask the company about their business continuity plan?
4. How would you verify that the necessary notifications have been made within the required timeframes to the appropriate regulators?
5. What safeguards and security measures are you looking for the company to implement to prevent and protect against future attacks?

Instructions

• Discuss each of the questions at your table
• Be prepared to provide a summary to the group
• Table Discussion: 13 minutes; Summary Report: 7 minutes
