09/16/2002
I just read in ABA Bankers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
09/02/2002
I just read in ABA BAnkers News, Volume 10, Issue 13 front page about Examiners asking for our "Information Security Risk Assessment". I am confused as to what the examiners are looking for.
09/02/2002
I'm trying to locate a bank policy for IT Security.
08/12/2002
I'm a new IT auditor. My institution is planning to offer Internet banking. I have been asked to set up a system of controls. Where can I find some helpful documentation about the subject?
07/01/2002
I'm a new IT auditor. My institution is actually planning to implement internet banking and I am asked to set up a system of controls. Where can I find some helpful documentation about the subject?
07/01/2002
I currently report to the Senior Manager in charge of Technology and Operations. There is discussion about me reporting to the Senior Retail Banking Manager. I am looking for some resources that provide a discussion about the area of the bank the security officer position should fall within.
06/17/2002
Could you suggest some qualified parties that do intrusion testing?
06/03/2002
With so much hype about getting the latest technologies in place to protect systems and networks, what is the real value in getting the right technology in place versus a focus on policies and procedures?
05/20/2002
I understand that E-Sign states that web transactions must be similarly authenticated using a electronic signatures. Electronic signatures include, but are not limited to, digital signatures and security codes. In the case of security codes, will the use of one-time password that is used for the particular user session suffice? The user is prompted to provide a one-time password at the beginning of the session, and once again just before submitting the payment (or debit in the case of NACHA).
05/06/2002
The bank is uploading all of each day's new deposit statements to our ebanking vendor, including both statements for customers enrolled in Internet Banking and statements for those not enrolled in Internet Banking. For those who have enrolled in Internet Banking, we do have the permissible purpose of providing them access to their account statements; the ebanking vendor is providing this third-party service on the bank's behalf. However, for those customers who have not enrolled in Internet Banking, do we have a permissible purpose since the ebanking vendor is not providing a third-party service for these customers on the bank's behalf? [We do not offer an opt-out option.]