R. Kinney Williams - Yennik, Inc.®

Internet Banking News
Brought to you by Yennik, Inc. the acknowledged leader in Internet auditing for financial institutions.

January 2, 2011

Does your financial institution need an affordable Internet security audit?  Yennik, Inc. has clients in 42 states that rely on our penetration testing audits to ensure proper Internet security settings and to meet the independent diagnostic test requirements of the FDIC, OCC, FRB, and NCUA, which provides compliance with Gramm-Leach-Bliley Act 501(b).  The penetration audit and Internet security testing is an affordable, sophisticated process that goes far beyond the simple scanning of ports.  The audit focuses on a hacker's perspective, which will help you identify real-world weaknesses.  For more information, give R. Kinney Williams a call today at 806-798-7119 or visit http://www.internetbankingaudits.com/.

Spending less than 5 minutes a week along with a cup of coffee, you can monitor your IT security as required by the FDIC, OCC, FRB, FFIEC, NCUA, NIST, GLBA, HIPAA, and IT best practices.  For more information visit http://www.yennik.com/it-review/.

FYI - Fortifying Phones From Attackers - AT&T Hires Ph.Ds for Security Lab - As consumers and companies embrace smartphones to do more of their computing, the wireless industry is taking its first steps to beef up security on mobile devices. http://online.wsj.com/article/SB10001424052748704774604576035960449272404.html

FYI - To secure agency systems, start at the top - NIST outlines an organizational-level approach to continuous monitoring - Effective IT security requires a top-down approach, with strategic planning at the organizational level rather than on a system-by-system basis, the National Institute of Standards and Technology says in newly released draft guidelines for continuous monitoring. http://gcn.com/articles/2010/12/21/nist-continuous-monitoring.aspx

FYI - FCC's Performance Management Weaknesses Could Jeopardize Proposed Reforms of the Rural Health Care Program.
Release - http://www.gao.gov/products/GAO-11-27
Highlights - http://www.gao.gov/highlights/d1127high.pdf

FYI - Germany plans new cyber-warfare defence centre - Germany will create a new cyber-warfare defence centre next year to fight off espionage attacks, the German interior ministry said. http://uk.reuters.com/article/idUKTRE6BQ2JS20101227

FYI - Man faces criminal charges for reading wife's e-mail - You know, things that they don't know you know, things that you happen to have read when they might have idly left their laptop open on their Gmail homepage. http://news.cnet.com/8301-17852_3-20026611-71.html

FYI - VA doctors' foray into cloud causes potential breach - The Veterans Affairs Department has ordered an immediate shutdown of a cloud application on the Yahoo website that VA doctors were using to store patients’ medical information without appropriate data security controls, officials said. http://fcw.com/articles/2010/12/23/va-calendar-cloud-breach.aspx?admgarea=TC_SECCYBERSEC

FYI - Hacker charged over siphoning off funds meant for software devs - Accused of diverting Mystic River of cash- An alleged hacker has been charged with breaking into the e-commerce systems of Digital River before redirecting more than $250,000 to an account under his control. http://www.theregister.co.uk/2010/12/23/digital_river_hack_charges/

FYI - Escrow Co. Sues Bank Over $440K Cyber Theft - An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines. http://krebsonsecurity.com/2010/11/escrow-co-sues-bank-over-440k-cyber-theft/

FYI - Hackers Attack Criminal Sites, Security Experts to Expose Security Flaws - A group of hackers attacked and took offline several sites belonging to credit-card sharing groups, security experts and other hacking communities who made mistakes in basic security. http://www.eweek.com/c/a/Security/Hackers-Attack-Criminal-Sites-Security-Experts-to-Expose-Security-Flaws-296445/

FYI - NYC bus tour company's database hacked of credit card info - The credit card details belonging to customers of CitySights NY were stolen when a database belonging to the sightseeing bus tours company was hacked. http://www.scmagazineus.com/nyc-bus-tour-companys-database-hacked-of-credit-card-info/article/193195/?DCMP=EMC-SCUS_Newswire

A financial institution that advertises on-line credit products that are subject to the Fair Housing Act must display the Equal Housing Lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by rules of the institution's regulator.

Home Mortgage Disclosure Act (Regulation C)

The regulations clarify that applications accepted through electronic media with a video component (the financial institution has the ability to see the applicant) must be treated as "in person" applications. Accordingly, information about these applicants' race or national origin and sex must be collected. An institution that accepts applications through electronic media without a video component, for example, the Internet or facsimile, may treat the applications as received by mail.

We continue our series on the FFIEC interagency Information Security Booklet.

This phase ranks the risk (outcomes and probabilities) presented by various scenarios produced in the analysis phase to prioritize management's response. Management may decide that since some risks do not meet the threshold set in their security requirement, they will accept those risks and not proceed with a mitigation strategy. Other risks may require immediate corrective action. Still others may require mitigation, either fully or partially, over time. Risks that warrant action are addressed in the information security strategy.

In some borderline instances, or if planned controls cannot fully mitigate the risk, management may need to review the risk assessment and risk ranking with the board of directors or a delegated committee. The board should then document its acceptance of the risk or authorize other risk mitigation measures.

We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

17. Does the institution provide consumers who receive the short-form initial notice with a reasonable means of obtaining the longer initial notice, such as: 

a. a toll-free telephone number that the consumer may call to request the notice;  [§6(d)(4)(i)] or

b. for the consumer who conducts business in person at the institution's office, having copies available to provide immediately by hand-delivery?  [§6(d)(4)(ii)]

Apology - The last edition had the incorrect date of the newsletter; however, the content was correct.  We greatly apologize for this oversight.  For those of you that contacted us - thanks.


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

NEW The Weekly IT Security Review NEW
A weekly email that lets you continuously review
your IT operations throughout the year.

Purchase now for the special inaugural price.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
© Copyright Yennik, Incorporated