02/16/2004
Our bank is rewriting our security policy/procedures. Basically, we are starting from ground zero and now have a Security Director who will oversee the security program for the bank. Do you have any reference material or pointers on how to begin building this department?
05/19/2003
Does Reg E address how banks should handle non-customers reporting lost ATM cards? For example, a customer leaves his card at a merchant and the merchant calls the bank to report it.
02/03/2003
I would welcome any suggestions regarding how to conduct an information technology risk assessment.
07/01/2002
I currently report to the Senior Manager in charge of Technology and Operations. There is discussion about me reporting to the Senior Retail Banking Manager. I am looking for some resources that provide a discussion about the area of the bank the security officer position should fall within.
06/03/2002
Does the Bank have a responsibility to file a SAR on those individuals who attempt to "hack" into our computer system? If so, what if we do not have much information on them to complete the SAR with?
03/11/2002
With the changing world of banking due to the infusion of information technology, what do you see as the role of the bank's security officer and the challenges ahead?
08/06/2001
We have a message posted on our Web site that tells customers not to submit emails that contain sensitive or confidential information and that tells them not to use email for specific transaction-related requests. Our system gives us the capability of doing auto-responders to any email submitted. We have drafted an auto-responder that thanks the sender for their message, acknowledges that it was received, but basically reiterates our policy about how they shouldn't be sending confidential or sensitive information or anything about a specific transaction or account. It has been suggested that we might want to add something to it to say something like "We will not act upon email requests for funds transfers, stop payments, account closings, or fraud notifications. These must be done either in person, or by calling such and such number." I'd like to know whether you think this is a good approach or whether there's a better way to handle this. We almost considered not even posting an email address on our site at all to just stop the email.
07/02/2001
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate security measures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
01/15/2001
The federal banking regulators have agreed on final Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines"). You previously wrote two articles for us on the proposed guidelines. (See <a href="gurus_technology1211.html">Part 1</a> and <a href="gurus_technology1218.html">Part 2</a>.) Were there any surprises for you in the final version of Interagency Guidelines Establishing Standards for Safeguarding Customer Information? And could you give us a quick heads-up on what the final guidelines provide?