On April 18, the Office of the Comptroller of the Currency (OCC) issued an alert to CEOs of National Banks and other regulated entities. The alert highlights the need for national banks and their technology service providers (TSPs) to take steps to ensure their enterprise risk management is sufficiently robust to protect and secure the bank's own and their customers' information. The OCC explained that several recent security breaches have highlighted the need for national banks and their TSPs to perform periodic risk assessments of their information security programs with respect to the prevention and detection of security incidents. Most security-related incidents occur because of the lack or failures of basic controls that allow attackers to gain entry into a target environment through phishing, spear-phishing, drive-by malware injection and other techniques. Once attackers have entered an environment, they typically use sophisticated tools and techniques to gain access to sensitive data or systems. Successful attacks often compromise sensitive customer information or create fraud. The increasing sophistication of the tools and techniques attackers use often includes stealth or other means that make their detection more difficult.