.doc version (right click on link and save the file to your hard drive)
InfoSec Service Provider Risk Assessment Matrix
The extent to which you must monitor the information security practices of a service provider will depend upon the type of entity it is and the sensitivity of the information to which it has access. Mary Beth Guard created this matrix to aid in the analysis of what level of scrutiny is necessary. (See related article.)
Information Security Best Practices Guide
This report explores the nature of the threats facing executives tasked with CMA (Computer-Managed Assets) protection, and discusses ways that the risks associated with those threats can be managed and mitigated.
Information Security and/or Internet Banking Risk Assessment Program
Here are a number of tools developed by a BOL user from various information sources for doing a risk assessment on information security and/or Internet Banking. The worksheets cover training issues, board and management oversight, contract issues, due diligence in service providers, oversight of service providers, and risk assessments for policies ranging from disaster recovery to wire transfers.
Assignment Sheet - this identifies who will be assigned the specific assessment worksheet. - PDF format
Cover sheet - a cover sheet should be attached to each area being risk assessed, with the "item risk assessed" at the top of the page being changed to match the area assessed. - PDF format
Word versions of risk assessment program tools (RIGHT click on link and save file)
Assignment Sheet - this identifies who will be assigned the specific assessment worksheet. - Word .doc format - must right click on link and save
Cover sheet - a cover sheet should be attached to each area being risk assessed, with the "item risk assessed" at the top of the page being changed to match the area assessed. - Word .doc format - must right click on link and save
Internal Audit Risk Assessment
A friend from one of the schools shared this tool with Maris Roush. It is a risk assessment model that would be used to assist with the audit scheduling. The model consists of two pages on Excel. The summary page will give an auditor a tool to prioritize his/her audits. She says it is the best she has seen because it is so simple and management can participate in it so they have a "buy-in". Instructions: The data sheet is where the items are risk rated by both management and audit/compliance. Audit/Compliance would use column D then "hide" the column before printing and submitting to management for their assessment (column F). Column H calculates the two risk assessments. These assessments are then "pulled" into the Summary page by specific categories. Both use the numerical basis of 1 = low through 5 = high. The column D currently has example numbers in it with the totals coming to 100 in each area. Again, these are samples and should not be mistaken as "actual" risk ratings.
Environmental Risk Policy & Program
Any time you loan money on real estate or, worse yet, have to foreclose on real property, there are environmental risk implications to consider. Upon the request of a BOL user, we've unearthed an environmental risk policy and program that Mary Beth Guard drafted back in 1993. If you don't already have such a policy and program, review this to determine where to start. If you do have one, you may still want to take a peek to see if it covers areas yours doesn't.
Alien Identification Procedures
BOL User Leslie Callaway has contributed information that relates to identification of alien customers and risk assessment data relating to lending to aliens, from diplomats to NRAs.