Where does the FFIEC publish its IT booklets?
I am struggling to find vendors that offer responsive website design, and use a CMS that would be secure for the banking industry. We are a Fiserv bank and Fiserv is an option. I've talked with several web design companies in the St. Louis market, but they all recommend building with WordPress, which is probably not the most secure option. I am looking for
some referrals for vendors that build websites for banks or credit unions.
Our bank needs a risk assessment for Live Chat. Does anyone know where I can find one to begin working with so we don't have to reinvent the wheel?
We’re not sure we offer any mobile financial services (MFS). Can you give us some examples of what these are?
Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data, (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
Our entire WAN is wireless. Are there any guidelines that state we have to have RADIUS, 3DES, WEP, or any other security measure in place? We have measures in place, just want to see what's required.
What are the specific requirements regarding the use of an Intrusion Detection System? Can we just check the log files of my PIX and verify that no unusual traffic has been logged? Or do we have to have an actual IDS in place that that alerts us via email, and /or pager in case of attack? We have 4 branch offices, of which 3 are connected to the main office via a wireless connection. We also have 4 home users that are connected via wireless connections. Do we have to have an IDS system for both the internet connection and the wireless connections?
The bank is uploading all of each day's new deposit statements to our ebanking vendor, including both statements for customers enrolled in Internet Banking and statements for those not enrolled in Internet Banking. For those who have enrolled in Internet Banking, we do have the permissible purpose of providing them access to their account statements; the ebanking vendor is providing this third-party service on the bank's behalf. However, for those customers who have not enrolled in Internet Banking, do we have a permissible purpose since the ebanking vendor is not providing a third-party service for these customers on the bank's behalf? [We do not offer an opt-out option.]
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate securitymeasures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.