01/20/2003
We have a policy and procedures on Safeguarding Customer Information. My problem is, FDIC EDP examiner wants more meat on it, such as; address logical and physical access controls to CIF. No incident response policies? I can't find the information in the Federal Register. Vendor oversight requirements have not been formalized, Can you direct me to any site that will have examples or answers to these questions?
01/06/2003
Are there any requirements or criteria for Penetration testing? Can we perform the penetration testing ourselves? If we hire a third party vendor, should we require documentation saying they are authorized by the Regulators to perform the tests or that the testing will meet certain standards? Does the penetration testing requirement only apply to wired network or do we have to have penetration testing on the wireless as well?
09/16/2002
I just read in ABA Bankers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
09/02/2002
I just read in ABA BAnkers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
07/01/2002
Where can I find the Interagency Joint Guideline Release for safeguarding confidential customer information?
06/06/2002
04/01/2002
Where's a good source for obtaining the basic knowledge needed for a novice to conduct an audit for the areas electronic banking and Internet banking?
04/01/2002
What noteworthy marketing developments can you share with us?
02/11/2002
I am unsure what type of service providers we need a confidentiality agreement with. Some examples are: appraisers, realtors, surveyors, Insurance underwriters, Inspection companies, title companies, janitroial services, attorneys used for legal purposes for the financial insitution, attorneys used for title searches and other legal work involving a loan, Insurance companies use to obtain insurance coverage for the bank.
02/04/2002
What are the information security needs of a bank?Which laws/guidelines deal with information security needs of the bank?What are the steps involved in designing a security policy for a bank?