Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention
 

Support for BOL is provided by:

MAIN CONTENT 
Compliance

    Agency Road Maps

    Alphabet Soup

    Compliance Tools

    FACTA/FCRA

    OFAC

Lending

    FACTA/FCRA

    Lending Tools

    SCRA

Marketing

Operations

    Check 21

    Operations Tools

    SAR Resrch Guide

Security

    AML/BSA

    Bank Robbery

    Counterfeits

    ID Fraud/Phishing

    Security Tools

Technology/eBanking

    Info Security


SPECIAL AREAS 
BOL Archives

BOL Blogs

Briefing Archive

Calendar

Court Watch
Em@il Education

Examiner's Corner

Executive Briefing

Infovault

Launch Pad

Site Map

Site Orientation

Top Stories


~ ~ ~
SERVICES 
CrimeDex

Em@il Education

ID Verification

Record Retention


~ ~ ~
SHOP 

Banker Store
Bankers Info Ntwk
Vendor Connect

CONNECT 

Career Connect

Learning Connect

Vendor Connect

Guru Central

INTERACT 

Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


TOOLS 

60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms

FUN 

BOL Recipes

eCard Exchange

LEARN MORE 

About Advertising
About Our Sponsors
About Us




Print Friendly! Email This Article! Discuss NOW!


IT Security Checklist



Question:   After a recent IT examination the regulators recommended the IT policy be revised to include security standards that could be audited. Is there a check list to review for our policy?

Answer:   IT policies have undergone considerable changes the past two years to accommodate changing IT environments, and increased emphasis on information security. In addition to digital information, all information in the bank should be included. With regard to digital information, we offer the following check-list:
  1. Outer wall or first line defense: fire walls.
    1. Designate firewall to be used. (make, model)
    2. Who is to have access to firewall?
    3. How often are settings to be reviewed?
    4. Document reviews
  2. Second line of defense, access to network
    1. Who has access to network?
      • physical access
      • Logical access
    2. Set levels of access for those with access
      • administrative rights
      • read, write access
      • read only
      • password requirements
      • time network available
  3. Third line of defense: Applications: Specify acceptable applications on network.
    1. Set level of security for each application.
      • Core processing, set levels of access within core processing applications, password requirements
      • Other Applications - who has what access
  4. Fourth line of defense: review usage reports, and document reviews for unusual and improper access.


Stout & Deines, Inc. Stout & Deines is a consulting firm specializing in all areas of regulatory compliance. We provide sound, credible solutions to regulatory issues, through hands on assistance, staff education, and consistent follow-up.

First published on BankersOnline.com 5/1/06






Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.