Your Financial Institution need an affordable Internet security
Yennik, Inc. has clients in 42 states
that rely on
our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test
requirements of FDIC, OCC, OTS, FRB, and NCUA, which provides
Gramm-Leach Bliley Act 501(b).
The penetration audit and
Internet security testing is an affordable-sophisticated process than
goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses. For more information, give
R. Kinney Williams a call
today at 806-798-7119 or visit
NEW - What if
you could continuously review your IT operations throughout the
year, for less than five dollars a week? You can - by relying
on The Weekly IT Security Review by Yennik, Inc.
Readers have been asking us for a method that would allow them to
continuously review their IT operations throughout the year.
We have responded by using our expertise to develop The Weekly IT
Security Review - and we’re offering it to you for a limited
time at the inaugural price of $245, which is 50% off the regular
annual price of $490. Designed especially for IT
professionals, this new offering from Yennik, Inc. provides a weekly
review of information systems security issues. For more
information and to subscribe visit
Heartland pays Amex $3.6M over 2008 data breach - Heartland Payment
Systems will pay American Express $3.6 million to settle charges
relating to the 2008 hacking of its payment system network.
U.S. House to toughen internal cybersecurity policy - Congressional
leaders on Tuesday accepted five new cybersecurity policy
recommendations aimed at protecting sensitive information belonging
to the U.S. House and securing its IT systems from attack.
The 2009 data breach hall of shame - A review of the companies that
made headlines for all the wrong reasons - If there was anything
even vaguely comforting about the data breaches that were announced
this year, it was that many of them stemmed from familiar and
downright mundane security failures.
How one lost laptop can have a giant impact - As the CTO of a data
protection and encryption company, I hear many a tale of woe as
other CTOs and CEOs confess to me the stories of how various laptops
within their companies have gone astray and the destruction these
lost laptops have caused in their wake. With this in mind, here is
one such tale of woe, albeit fictional, that I have heard time and
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
Computer virus cripples Waikato DHB - Waikato District Health Board
has been crippled by a computer worm which has seen every PC in the
organisation shut down.
FBI investigating Citibank cyberattack - Citigroup denies
it, but its Citibank unit was reportedly robbed of tens of millions
of dollars, the victim of a cyberattack by members of a Russian
criminal gang, says Tuesday's Wall Steet Journal.
Thief steals U.S. Army laptop from employee's home - A laptop
containing the personal information of tens of thousands of U.S.
Army soldiers, family members and U.S. Department of Defense
employees was recently stolen.
Data collector threatens scribe who reported breach - Shoot the
messenger, Texas-style - A Texas company is threatening to press
criminal and civil charges against a Minnesota Public Radio reporter
after she uncovered a security lapse that exposed sensitive data for
at least 500 people.
North Carolina community college library users' data exposed -
Sensitive data belonging to the library users at a number of North
Carolina state-run community colleges may have been compromised when
a server was hacked.
N.Korea 'Hacks into S.Korea-U.S. Defense Plans' - Suspected North
Korean hackers may have gained access to a war plan devised by South
Korea and the U.S. in preparation for an emergency, including
details of specific operational scenarios, intelligence agencies
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
Sound Capacity, Business Continuity and Contingency Planning
Practices for E-Banking
1. All e-banking services and applications, including those provided
by third-party service providers, should be identified and assessed
2. A risk assessment for each critical e-banking service and
application, including the potential implications of any business
disruption on the bank's credit, market, liquidity, legal,
operational and reputation risk should be conducted.
3. Performance criteria for each critical e-banking service and
application should be established, and service levels should be
monitored against such criteria. Appropriate measures should be
taken to ensure that e-banking systems can handle high and low
transaction volume and that systems performance and capacity is
consistent with the bank's expectations for future growth in
4. Consideration should be given to developing processing
alternatives for managing demand when e-banking systems appear to be
reaching defined capacity checkpoints.
5. E-banking business continuity plans should be formulated to
address any reliance on third-party service providers and any other
external dependencies required achieving recovery.
6. E-banking contingency plans should set out a process for
restoring or replacing e-banking processing capabilities,
reconstructing supporting transaction information, and include
measures to be taken to resume availability of critical e-banking
systems and applications in the event of a business disruption.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our coverage of
the FDIC's "Guidance on Managing Risks Associated With Wireless
Networks and Wireless Customer Access."
Risk Mitigation Components - Wireless Internet Devices
For wireless customer access, the financial institution should
institute policies and standards requiring that information and
transactions be encrypted throughout the link between the customer
and the institution. Financial institutions should carefully
consider the impact of implementing technologies requiring that a
third party have control over unencrypted customer information and
As wireless application technologies evolve, new security and
control weaknesses will likely be identified in the wireless
software and security protocols. Financial institutions should
actively monitor security alert organizations for notices related to
their wireless application services. They should also consider
informing customers when wireless Internet devices that require the
use of communications protocols deemed insecure will no longer be
supported by the institution.
The financial institution should consider having regular independent
security testing performed on its wireless customer access
application. Specific testing goals would include the verification
of appropriate security settings, the effectiveness of the wireless
application security implementation and conformity to the
institution's stated standards. The security testing should be
performed by an organization that is technically qualified to
perform wireless testing and demonstrates appropriate ethical
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
43. Does the institution allow the consumer to select certain
nonpublic personal information or certain nonaffiliated third
parties with respect to which the consumer wishes to opt out?
(Note: an institution may allow partial opt outs
in addition to, but may not allow them instead of, a comprehensive