Does Your Financial Institution need an
affordable Internet security audit? Yennik, Inc. has clients in 42 states
that rely on our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test requirements of
FDIC, OCC, FRB, and NCUA, which provides compliance with
Gramm-Leach Bliley Act 501(b).
The penetration audit and Internet security testing is an
affordable-sophisticated process than goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses.
For more information, give R. Kinney Williams a call today at
806-798-7119 or visit
Spending less than 5 minutes a week along
with a cup of coffee, you can monitor your IT
security as required
by the FDIC, OCC, FRB FFIEC, NCUA, NIST, GLBA, HIPAA, and IT best practices.
For more information visit
Fortifying Phones From Attackers - AT&T Hires Ph.Ds for Security Lab
- As consumers and companies embrace smartphones to do more of their
computing, the wireless industry is taking its first steps to beef
up security on mobile devices.
To secure agency systems, start at the top - NIST outlines an
organizational-level approach to continuous monitoring - Effective
IT security requires a top-down approach, with strategic planning at
the organizational level rather than on a system-by-system basis,
the National Institute of Standards and Technology says in newly
released draft guidelines for continuous monitoring.
- FCC's Performance Management Weaknesses Could Jeopardize Proposed
Reforms of the Rural Health Care Program.
Germany plans news cyber-warfare defence centre - Germany will
create a new cyber-warfare defence centre next year to fight off
espionage attacks, the German interior ministry said.
Man faces criminal charges for reading wife's e-mail - You know,
things that they don't know you know, things that you happen to have
read when they might have idly left their laptop open on their Gmail
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
VA doctors' foray into cloud causes potential breach - The Veterans
Affairs Department has ordered an immediate shutdown of a cloud
application on the Yahoo website that VA doctors were using to store
patients’ medical information without appropriate data security
controls, officials said.
Hacker charged over siphoning off funds meant for software devs -
Accused of diverting Mystic River of cash- An alleged hacker has
been charged with breaking into the e-commerce systems of Digital
River before redirecting more than $250,000 to an account under his
Escrow Co. Sues Bank Over $440K Cyber Theft - An escrow firm in
Missouri is suing its bank to recover $440,000 that organized cyber
thieves stole in an online robbery earlier this year, claiming the
bank’s reliance on passwords to secure high-dollar transactions
failed to measure up to federal e-banking security guidelines.
Hackers Attack Criminal Sites, Security Experts to Expose Security
Flaws - A group of hackers attacked and took offline several sites
belonging to credit-card sharing groups, security experts and other
hacking communities who made mistakes in basic security.
tour company's database hacked of credit card info - The credit card
details belonging to customers of CitySights NY were stolen when a
database belonging to the sightseeing bus tours company was hacked.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
A financial institution that advertises on-line credit products that
are subject to the Fair Housing Act must display the Equal Housing
Lender logotype and legend or other permissible disclosure of its
nondiscrimination policy if required by rules of the institution's
Home Mortgage Disclosure Act (Regulation C)
The regulations clarify that applications accepted through
electronic media with a video component (the financial institution
has the ability to see the applicant) must be treated as "in
person" applications. Accordingly, information about these
applicants' race or national origin and sex must be collected. An
institution that accepts applications through electronic media
without a video component, for example, the Internet or facsimile,
may treat the applications as received by mail.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the FFIEC
interagency Information Security Booklet.
INFORMATION SECURITY RISK ASSESSMENT
This phase ranks the risk (outcomes and probabilities) presented
by various scenarios produced in the analysis phase to prioritize
management's response. Management may decide that since some risks
do not meet the threshold set in their security requirement, they
will accept those risks and not proceed with a mitigation strategy.
Other risks may require immediate corrective action. Still others
may require mitigation, either fully or partially, over time. Risks
that warrant action are addressed in the information security
In some borderline instances, or if planned controls cannot fully
mitigate the risk, management may need to review the risk assessment
and risk ranking with the board of directors or a delegated
committee. The board should then document its acceptance of the risk
or authorize other risk mitigation measures.
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
Content of Privacy Notice
17. Does the institution provide consumers who receive the
short-form initial notice with a reasonable means of obtaining the
longer initial notice, such as:
a. a toll-free telephone number that the consumer may call to
request the notice; [§6(d)(4)(i)] or
b. for the consumer who conducts business in person at the
institution's office, having copies available to provide immediately
by hand-delivery? [§6(d)(4)(ii)]
- The last addition had the incorrect date of the newsletter;
however the content was correct. We greatly apologize for this
oversight. For those of you that contacted us - thanks.