08/04/2003
As it relates to IT examinations, what are the top "hot buttons" for regulators?
07/21/2003
I've heard that IT examinations are much more rigorous these days. What are some general tips for surviving our next IT examination?
06/01/2003
If you want to feel good about your institution, check out the written agreement between NAB Bank of Chicago, Illinois, the FRB of Chicago and the State of Illinois Office of Banks and Real Estate.
02/17/2003
An issue has come up a couple times in the recent past: Our customers are sending emails directly to our employees, especially our commercial customers. The emails are not encrypted or password protected and they often contain non-public information - loan requests, updates on rent rolls, financial information on their company. Our customers want us to communicate in email form. We offer email that is encrypted via our Internet banking product. However, the lenders are telling me that their customers will not go through the inconvenience of logging in to Internet banking to communicate. Our Privacy Policy does extend beyond the minimum requirements of GLB; we opted to include commercial customers under the privacy blanket. Our E:Banking Policy does not address communication of non public information via email (incoming or outgoing). Does anyone have a practical solution to this growing concern?
02/03/2003
I would welcome any suggestions regarding how to conduct an information technology risk assessment.
01/06/2003
What are the specific requirements regarding the use of an Intrusion Detection System? Can we just check the log files of my PIX and verify that no unusual traffic has been logged? Or do we have to have an actual IDS in place that that alerts us via email, and /or pager in case of attack? We have 4 branch offices, of which 3 are connected to the main office via a wireless connection. We also have 4 home users that are connected via wireless connections. Do we have to have an IDS system for both the internet connection and the wireless connections?
06/17/2002
Could you suggest some qualified parties that do intrusion testing?
06/03/2002
With so much hype about getting the latest technologies in place to protect systems and networks, what is the real value in getting the right technology in place versus a focus on policies and procedures?
05/27/2002
04/29/2002
by Wayne Barnett
If you think you're spending too much on information technology, you're probably right