Two sometimes inter-related crimes pose a threat to your bottom line: phishing and identity fraud. For that reason, we have pulled together a comprehensive set of articles, links, Q&As and tools relating to each of them.
Bankers everywhere have been asking us for guidance. In response, BankersOnline.com has established InfoSec Clearinghouse to foster the exchange of information security ideas and knowledge among financial institutions.
Here, you'll find
links to a host of sources for policy language,
best practices information,
samples of actual policies drafted by financial institutions.
Share your thoughts and ideas about composing a workable information security policy and learn from others. That's the purpose of this page.
How do you draft and maintain an information security policy and program that
meets the regulatory requirements,
provides an appropriate framework for information protection, and
insulates you from liability?
Please contribute! We encourage you to submit your ideas, whether it is the entire policy or just a section that you think works particularly well. To contribute your policy to the Clearinghouse, simply attach it to an email to email@example.com. (Note: Do not submit copyrighted information!)
For obvious reasons, the financial institutions which have submitted the policies are not identified at this time so their anonymity is assured. As the archive of policies grows larger, we will acknowledge contributors (again, without tying them to specific policies).
Although the explicit information security guidelines in the banking realm are new, the field of information security is not and the federal government, through NIST (National Institute of Standards and Technology), has developed some outstanding materials relating to security plans for information technology systems. These materials can provide an excellent resource for you.
Guidelines Establishing Standards for Safeguarding Customer Information.
Risk Management of Outsourcing Technology.
Infrastructure Threats from Cyber-Terrorists.
Technology Risk Management: PC Banking.
Technology Risk Management.
Federal Reserve Board
The following documents are all available at this FRB Web page, with the documents
grouped by year of issuance (the first two numbers of the document number reflect the
year of issuance): http://www.federalreserve.gov/boarddocs/SRLETTERS/
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.