R. Kinney Williams & Associates

Internet Banking News

November 24, 2002

FYI - The General Accounting Office (GAO) releases guidance on "Assessing the Reliability of Computer-Processed Data."  http://www.gao.gov/new.items/d03273g.pdf

FYI -  Patch slipup raises security questions - The questionable handling of a fix for a recent widespread software vulnerability has some administrators worried that developers can't be trusted to make security a top priority.  http://news.com.com/2100-1001-966666.html 

FYI - When Deborah Fraser's credit card number was stolen, the thief didn't use it to buy a new car or a high-end laptop. Instead, the number was used to buy something potentially much more valuable--a domain name with the word "ebay" in it.  http://news.com.com/2100-1017-966835.html?tag=fd_top 

FYI - A sophisticated scam targeting automatic teller machines in Sydney could spread right across Australia, NSW police warned today.  http://www.ds-osac.org/view.cfm?key=7E4752424153&type=2B170C1E0A3A0F162820 

FYI - Treasury's Office of Foreign Assets Control has amended its list of Specially Designated Nationals and Blocked Persons - On October 25, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding 37 names to its list of Specially Designated Global Terrorists. www.fdic.gov/news/news/financial/2002/FIL02124.html

FYI - Treasury's Office of Foreign Assets Control has amended its list of Specially Designated Nationals and Blocked Persons  - On October 10, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding the following name to its list of Specially Designated Global Terrorists  www.fdic.gov/news/news/financial/2002/FIL02122.html

INTERNET COMPLIANCE
Non-Deposit Investment Products

Financial institutions advertising or selling non-deposit investment products on-line should ensure that consumers are informed of the risks associated with non-deposit investment products as discussed in the "Interagency Statement on Retail Sales of Non Deposit Investment Products."  On-line systems should comply with this Interagency Statement, minimizing the possibility of customer confusion and preventing any inaccurate or misleading impression about the nature of the non-deposit investment product or its lack of FDIC insurance.

INTERNET SECURITY
We continue our review of the FDIC paper "Risk Assessment Tools and Practices for Information System Security."

Performing the Risk Assessment and Determining Vulnerabilities 

Performing a sound risk assessment is critical to establishing an effective information security program. The risk assessment provides a framework for establishing policy guidelines and for identifying the risk assessment tools and practices that may be appropriate for an institution. Banks should still have a written information security policy, sound security policy guidelines, and a well-designed system architecture, and should provide for physical security, employee education, and testing, as part of an effective program.

When institutions contract with third-party providers for information system services, they should have a sound oversight program. At a minimum, the security-related clauses of a written contract should define the responsibilities of both parties with respect to data confidentiality, system security, and notification procedures in the event of a data or system compromise. The institution needs to conduct a sufficient analysis of the provider's security program, including how the provider uses available risk assessment tools and practices. Institutions should also obtain copies of independent penetration tests run against the provider's system.

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

43.  Does the institution allow the consumer to select certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out? [§10(c)]

(Note: an institution may allow partial opt outs in addition to, but may not allow them instead of, a comprehensive opt out.)

IN CLOSING - All of us at R. Kinney Williams & Associates hope you have a very thankful Thanksgiving.


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated