I just read in ABA Bankers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
I have been hearing from some fellow bankers that their examiners are stating that it is required as part of BSA for the bank to perform due diligence on their service providers as it relates to hacking instances. In particular they are requiring clauses in their third party contracts which require notification to the bank within a certain number of hours on all hacker attempts. This sounds like a good idea and sounds more like a Privacy issue, but I can't find in BSA where this is required.
Does the Bank have a responsibility to file a SAR on those individuals who attempt to "hack" into our computer system? If so, what if we do not have much information on them to complete the SAR with?
Where's a good source for obtaining the basic knowledge needed for a novice to conduct an audit for the areas of electronic banking and Internet banking?
We are trying to make a checklist of types of disclaimers we should think about using in connection with the Internet. Do you have a list?
What are the information security needs of a bank? Which laws/guidelines deal with information security needs of the bank? What are the steps involved in designing a security policy for a bank?
DirectPointe provides managed computing services that include remote PC and Network Management services. We are working with a community bank in Utah that is interested in our services, but is concerned with any regulatory issues that may not allow us to have remote access to their network and PCs (since their network is connected to a service bureau, which has confidential information). Can you provide any information/insight into this issue? Can we provide remote services and if so, does our company need to meet certain requirements? Please let me know if you have recommendations.
Are we required to notify our customers of possible computer intrusions? Where can I find regulatory information regarding intrusions or hacks and the notification of customers?
INFORMATION SECURITY PROGRAM
Bank management shall, through an effective Information Security Program (the Program):