REMINDER - This newsletter is
available for the Android smart phones and tablets. Go to the
Market Store and search for yennik.
- Federal Cybersecurity Guidelines Now Cover Cloud, Mobility -
Emerging technologies and cyber threats are focus of NIST's first
update to feds' security handbook in three years. New technologies,
such as mobile and cloud computing, that are rapidly being adopted
by the federal government have informed a major update to federal
- Air Force aims to turn cyber into a career - The military has
known for years that it will never be able to compete with the
private sector when it comes to paying cyber experts. http://www.federalnewsradio.com/?nid=396&sid=2768121
- Cyber Challenge Fills Education Void - The U.S. Cyber Challenge is
attracting young college graduates who feel their education has not
effectively prepared them for cybersecurity work.
- Banking Trojan hijacks live chat to run real-time fraud - Simpler,
faster, better... for crooks - A new strain of financial malware is
hijacking live chat sessions in a bid to hoodwink business banking
customers into handing over their banking login credentials or into
authorising fraudulent transactions.
- Constitutional Showdown Voided: Feds Decrypt Laptop Without
Defendant’s Help - Colorado federal authorities have decrypted a
laptop seized from a bank-fraud defendant, mooting a judge’s order
that the defendant unlock the hard drive so the government could use
its contents as evidence against her.
- FCC seeks comment on police shutdowns of cell service - Last
year's police shutdowns of cell phone service in San Francisco
subways was prompted by protests against police shootings. The FCC
wants public input on the issues around shutdowns.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
- Microsoft India warns that hackers accessed customer data - The
company's online store in India was hacked earlier this month -
Microsoft has warned customers that their financial data such as
credit card information may have been compromised by hackers who
attacked the company's online store in India earlier this month.
- Stolen NASA laptop had Space Station control codes - And no
encryption for supervillains to crack - A NASA laptop stolen last
year had not been encrypted, despite containing codes used to
control and command the International Space Station, the agency's
inspector general told a US House committee.
- Michael Jackson catalog among files stolen in Sony breach -
Hackers ripped off an estimated 50,000 music files, involving
Michael Jackson's entire back catalog, from Sony's internal
- Hackers had 'full functional control' of Nasa computers - Hackers
gained "full functional control" of key Nasa computers in 2011, the
agency's inspector general has told US lawmakers.
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
We continue covering
some of the issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Banking organizations have been delivering electronic services to
consumers and businesses remotely for years. Electronic funds
transfer, including small payments and corporate cash management
systems, as well as publicly accessible automated machines for
currency withdrawal and retail account management, are global
fixtures. However, the increased world-wide acceptance of the
Internet as a delivery channel for banking products and services
provides new business opportunities for banks as well as service
benefits for their customers.
Continuing technological innovation and competition among existing
banking organizations and new market entrants has allowed for a much
wider array of electronic banking products and services for retail
and wholesale banking customers. These include traditional
activities such as accessing financial information, obtaining loans
and opening deposit accounts, as well as relatively new products and
services such as electronic bill payment services, personalized
financial "portals," account aggregation and business-to-business
market places and exchanges.
Notwithstanding the significant benefits of technological
innovation, the rapid development of e-banking capabilities carries
risks as well as benefits and it is important that these risks are
recognized and managed by banking institutions in a prudent manner.
These developments led the Basel Committee on Banking Supervision to
conduct a preliminary study of the risk management implications of
e-banking and e-money in 1998. This early study demonstrated a clear
need for more work in the area of e-banking risk management and that
mission was entrusted to a working group comprised of bank
supervisors and central banks, the Electronic Banking Group (EBG),
which was formed in November 1999.
The Basel Committee released the EBG's Report on risk management and
supervisory issues arising from e-banking developments in October
2000. This Report inventoried and assessed the major risks
associated with e-banking, namely strategic risk, reputational risk,
operational risk (including security and legal risks), and credit,
market, and liquidity risks. The EBG concluded that e-banking
activities did not raise risks that were not already identified by
the previous work of the Basel Committee. However, it noted that
e-banking increase and modifies some of these traditional risks,
thereby influencing the overall risk profile of banking. In
particular, strategic risk, operational risk, and reputational risk
are certainly heightened by the rapid introduction and underlying
technological complexity of e-banking activities.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the
FFIEC interagency Information Security Booklet.
Security personnel allow legitimate users to have system
access necessary to perform their duties. Because of their internal
access levels and intimate knowledge of financial institution
processes, authorized users pose a potential threat to systems and
data. Employees, contractors, or third - party employees can exploit
their legitimate computer access for malicious, fraudulent, or
economic reasons. Additionally, the degree of internal access
granted to some users increases the risk of accidental damage or
loss of information and systems. Risk exposures from internal users
! Altering data,
! Deleting production and back up data,
! Crashing systems,
! Destroying systems,
! Misusing systems for personal gain or to damage the institution,
! Holding data hostage, and
! Stealing strategic or customer data for corporate espionage or
BACKGROUND CHECKS AND SCREENING
Financial institutions should verify job application information on
all new employees. The sensitivity of a particular job or access
level may warrant additional criminal background and credit checks.
Institutions should verify that contractors are subject to similar
screening procedures. Typically, the minimum verification
! Character references;
! Confirmation of prior experience, academic record, and
professional qualifications; and
! Confirmation of identity from government issued identification.
After employment, managers should remain alert to changes in
employees' personal circumstances that could increase incentives for
system misuse or fraud.
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
Initial Privacy Notice
6) Does the institution provide a clear and conspicuous notice that
accurately reflects its privacy policies and practices at least
annually (that is, at least once in any period of 12 consecutive
months) to all customers, throughout the customer relationship?
(Note: annual notices are not required for former customers.