03/06/2003
01/20/2003
We have a policy and procedures on Safeguarding Customer Information. My problem is, FDIC EDP examiner wants more meat on it, such as; address logical and physical access controls to CIF. No incident response policies? I can't find the information in the Federal Register. Vendor oversight requirements have not been formalized, Can you direct me to any site that will have examples or answers to these questions?
01/06/2003
What are the specific requirements regarding the use of an Intrusion Detection System? Can we just check the log files of my PIX and verify that no unusual traffic has been logged? Or do we have to have an actual IDS in place that that alerts us via email, and /or pager in case of attack? We have 4 branch offices, of which 3 are connected to the main office via a wireless connection. We also have 4 home users that are connected via wireless connections. Do we have to have an IDS system for both the internet connection and the wireless connections?
01/06/2003
Our entire WAN is wireless. Are there any guidelines that state we have to have RADIUS, 3DES, WEP, or any other security measure in place? We have measures in place, just want to see what's required.
05/06/2002
The bank is uploading all of each day's new deposit statements to our ebanking vendor, including both statements for customers enrolled in Internet Banking and statements for those not enrolled in Internet Banking. For those who have enrolled in Internet Banking, we do have the permissible purpose of providing them access to their account statements; the ebanking vendor is providing this third-party service on the bank's behalf. However, for those customers who have not enrolled in Internet Banking, do we have a permissible purpose since the ebanking vendor is not providing a third-party service for these customers on the bank's behalf? [We do not offer an opt-out option.]
02/11/2002
I'm a new compliance officer and I need to know what regulations require employee training. I'm in the process of putting together a compliance training calendar for my bank.
08/20/2001
07/02/2001
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate securitymeasures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
01/15/2001
The federal banking regulators have agreed to on final Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines"). You previously wrote two articles for us on the proposed guidelines. (See <a href="gurus_technology1211.html">Part 1</a> and <a href="gurus_technology1218.html">Part 2</a>.) Were there any surprises for you in the final version of Interagency Guidelines Establishing Standards for Safeguarding Customer Information? And could you give us a quick heads-up on what the final guidelines provide?