As possible security intrusions increasingly pose a threat to online banking, we have "enhanced" our PIN change requirements for our customers. We would like to do a mailing to our customers talking about Internet Banking security for our customers, we believe a "3rd party" brochure or marketing piece may have more effect or at least back up our reasons for increased security levels. Do you know of any good articles or brochures we could pass along to our customers? The only piece I've been able to find so far is "Tips for Safe Banking Over the Internet" by the FDIC. However, the portion that talks about PIN number security is very brief.
I am an internal auditor and part of my duties involve performing an Information Technology and Securities Audit. Do you know of any seminars or training courses that might help me gain a better understanding of IT. I have never had any type of formal training on this subject.
By Barbara E. Hurst, Editor
Can you recommend a good source or template for creation of an e-commerce enabled web hosting contract thatprotects a bank against liability with regards to its customers?
In a recent audit by the OTS I was asked to provide a seperate Strategic Plan for the IT area. Do you know where I can get a copy of one to use as a guideline, or an outling or format. I appreciate any help that you can provide.
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate securitymeasures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
I have installed the BlackIce Firewall on our internet PC at the bank. Yesterday it detected an intruder and successfully blocked them. It gave me their IP address but no other information was available. I have reported it to the President, what else should I do? Do I need to call the FDIC or just document that it happened? BlackIce provides a way to see where it came from and all it told me was Asian-Pacific origin. This is a new process for us and has me somewhat on edge.
Can you refer me to anything that would assist me in knowing what should be performed for monitoring our online banking Web site? I've been through bank security seminars that cover non-technology security. Our external auditor was not able to assist us.