Your Financial Institution need an affordable Internet security
Yennik, Inc. has clients in 42 states
that rely on
our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test
requirements of FDIC, OCC, OTS, FRB, and NCUA, which provides
Gramm-Leach Bliley Act 501(b).
The penetration audit and
Internet security testing is an affordable-sophisticated process than
goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses. For more information, give
R. Kinney Williams a call
today at 806-798-7119 or visit
A recovering CIO's view of the new security initiatives - As debate
continues over the value the Consensus Audit Guidelines have for
securing government systems, I'd like to put my chief information
officer's hat back on for a moment and explain how I see the
comparison between the CAG and the current security advice from the
National Institute of Standards and Technology (NIST) in its Special
GAO - Suspicious Activity Report Use Is Increasing, but FinCEN
Needs to Further Develop and Document Its Form Revision Process.
White House expected to lead cybersecurity efforts - When Melissa
Hathaway concludes her 60-day review of federal cybersecurity
initiatives, the White House likely will be appointed
decision-maker, Rep. James Langevin, D-R.I., said in a conference
call with reporters.
Court won't revive Va. anti-spam law - Law ruled unconstitutional
because it prohibited political, religious e-mails - The Supreme
Court will not consider reinstating Virginia's anti-spam law, among
the nation's toughest in banning unsolicited e-mails.
Prosecutors charge former IRS employee with filing false tax claims
- Federal prosecutors on Monday charged a former Internal Revenue
Service employee with illegally accessing agency computers and
filing false claims against the government.
U.K. parliament computers get Confickered - You'd think the British
government would be up on the latest and greatest security
practices, but apparently even officials there have their problems.
95pc of organisations store personal data, but few know how to
protect it - While close to 95pc of Irish organisations store
personal data, only 31pc have a formal data-breach policy. And
nearly half of these organisations have little confidence in ISPs
preventing unauthorised access to private data.
Conficker expectedly chaos-free as it activates across world - Right
on schedule, the latest variant of the Conficker worm awoke
Wednesday, querying hundreds of new URLs for instructions on what to
do next. But, as most experts predicted, there were no orders to be
had, and the estimated millions of machines infected by the malware
remain in standby mode.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
ACU says computer server hacked - An Abilene Christian University
computer server was hacked near the end of February, but university
officials do not at this point believe any personal information was
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
A financial institution that advertises on-line credit products that
are subject to the Fair Housing Act must display the Equal Housing
Lender logotype and legend or other permissible disclosure of its
nondiscrimination policy if required by rules of the institution's
Home Mortgage Disclosure Act (Regulation C)
The regulations clarify that applications accepted through
electronic media with a video component (the financial institution
has the ability to see the applicant) must be treated as "in
person" applications. Accordingly, information about these
applicants' race or national origin and sex must be collected. An
institution that accepts applications through electronic media
without a video component, for example, the Internet or facsimile,
may treat the applications as received by mail.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
We continue our series on the FFIEC interagency Information Security
SYSTEMS DEVELOPMENT, ACQUISITION, AND MAINTENANCE -
SOFTWARE DEVELOPMENT AND ACQUISITION
Source Code Review and Testing
Application and operating system source code can have numerous
vulnerabilities due to programming errors or misconfiguration. Where
possible, financial institutions should use software that has been
subjected to independent security reviews of the source code
especially for Internet facing systems. Software can contain
erroneous or intentional code that introduces covert channels,
backdoors, and other security risks into systems and applications.
These hidden access points can often provide unauthorized access to
systems or data that circumvents built-in access controls and
logging. The source code reviews should be repeated after the
creation of potentially significant changes.
Return to the top of the
G. APPLICATION SECURITY
2. Determine if user input is validated appropriately (e.g.
character set, length, etc).
Return to the top of
INTERNET PRIVACY - We continue
our series listing the regulatory-privacy examination questions.
When you answer the question each week, you will help ensure
compliance with the privacy regulations.
Initial Privacy Notice
2) Does the institution provide a clear and conspicuous notice
that accurately reflects its privacy policies and practices to all
consumers, who are not customers, before any nonpublic
personal information about the consumer is disclosed to a
nonaffiliated third party, other than under an exception in §§14
or 15? [§4(a)(2)]?