Spending less than 5 minutes a week along
with a cup of coffee, you can monitor your IT
security as required
by the FDIC, OCC, FRB FFIEC, NCUA, NIST, GLBA, HIPAA, and IT best practices.
For more information visit
FDIC Issues Rule Including IOLTAs in Temporary Unlimited Deposit
Insurance Coverage for Noninterest-Bearing Transaction Accounts -
The Board of Directors of the Federal Deposit Insurance Corporation
today approved a final rule to include Interest on Lawyer Trust
Accounts in the temporary unlimited deposit coverage for
noninterest-bearing transaction accounts.
(Please read because it requires a posting on
a bank's web site.)
- FERC lacks the juice to enforce smart grid security, study finds -
Security framework remains a work in progress, hampered by lack of
regulatory oversight - A framework of standards is emerging for
securing an intelligent energy grid, but it is not yet complete and
federal overseers lack the authority to require industry compliance,
according to a study by the Government Accountability Office.
- Palin e-mail hacker starts prison - A man who broke into Sarah
Palin's e-mail has been imprisoned - despite being told he might be
- FDIC phishing emails use Patriot Act scare tactic - Fraudulent
emails claiming to come from the Federal Deposit Insurance Corp.
(FDIC) are attempting to trick users into handing over their
sensitive personal information, the agency said in a warning issued
Wednesday to clients and customers.
- RIM to filter internet for BlackBerry users in Indonesia -
Responding to pressure from Indonesia's government, Research In
Motion (RIM) has decided to filter pornographic internet content for
BlackBerry users in that country.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
- Vodafone sacks staff over data breach - Vodafone has sacked
several employees over the privacy leak that exposed up to four
million customer records.
- Disgruntled TSA data analyst sentenced for sabotage attempt - A
former data analyst for the Transportation Security Administration
was sentenced to two years in prison for planting code in a
terrorist screening database server after he was told his position
was going to be eliminated.
- Men sentenced for role in international ATM skimming ring - Two
men were sentenced to lengthy prison terms on Tuesday for their
roles in an ATM skimming spree that authorities say targeted gas
station pumps throughout the United States.
- Hacked Laptops Lead Banks to Warn of Data Breaches - Recent data
breaches at two banks underscore what's becoming a gnarly problem
for companies that handle sensitive information: When does a hacked
PC become a data breach?
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
2 of 2)
In those instances where an electronic form of communication is
permissible by regulation, to reduce compliance risk institutions
should ensure that the consumer has agreed to receive disclosures
and notices through electronic means. Additionally, institutions may
want to provide information to consumers about the ability to
discontinue receiving disclosures through electronic means, and to
implement procedures to carry out consumer requests to change the
method of delivery. Furthermore, financial institutions advertising
or selling non-deposit investment products through on-line systems,
like the Internet, should ensure that consumers are informed of the
risks associated with non-deposit investment products as discussed
in the "Interagency Statement on Retail Sales of Non Deposit
Investment Products." On-line systems should comply with this
Interagency Statement, minimizing the possibility of customer
confusion and preventing any inaccurate or misleading impression
about the nature of the non-deposit investment product or its lack
of FDIC insurance.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the FFIEC
interagency Information Security Booklet.
INFORMATION SECURITY STRATEGY (1 of 2)
Action Summary - Financial institutions should develop a strategy
that defines control objectives and establishes an implementation
plan. The security strategy should include
1) Cost comparisons of different strategic approaches appropriate
to the institution's environment and complexity,
2) Layered controls that establish multiple control points between
threats and organization assets, and
3) Policies that guide officers and employees in implementing the
An information security strategy is a plan to mitigate risks while
complying with legal, statutory, contractual, and internally
developed requirements. Typical steps to building a strategy include
the definition of control objectives, the identification and
assessment of approaches to meet the objectives, the selection of
controls, the establishment of benchmarks and metrics, and the
preparation of implementation and testing plans.
The selection of controls is typically grounded in a cost comparison
of different strategic approaches to risk mitigation. The cost
comparison typically contrasts the costs of various approaches with
the perceived gains a financial institution could realize in terms
increased confidentiality, availability, or integrity of systems and
data. Those gains could include reduced financial losses, increased
customer confidence, positive audit findings, and regulatory
compliance. Any particular approach should consider: (1) policies,
standards, and procedures; (2) technology and architecture; (3)
resource dedication; (4) training; and (5) testing.
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
20. Does the opt out notice
a. that the institution discloses or reserves the right to disclose
nonpublic personal information about the consumer to a nonaffiliated
third party; [§7(a)(1)(i)]
b. that the consumer has the right to opt out of that disclosure;
c. a reasonable means by which the consumer may opt out?