What's The "Information Security Risk Assessment"?
Answer by Michael Guard, BOL Guru
Question: I just read in ABA Bankers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
Answer: The Risk Assessment is a phase you go through when constructing an Information Security Program. The reason the examiners are asking for your risk assessment is that it is considered a vital step in the formation of any information security program ("ISP"). Those institutions that followed proper procedures in developing their ISP will find that the risk assessment was documented during the process of creating the ISP. The Risk Assessment identifies all potential risks to a financial institution's customers' data, assesses the likelihood of the threat and the potential severity of damage, and describes the countermeasures selected to control those risks. The risks should range from simple internal threats, such as unauthorized disclosures occurring through a third party looking at customer information on an employee's desk or computer monitor, to complex external threats, such as a computer hacker breaking into your computer system by virtue of an unpatched security flaw in some system.