R. Kinney Williams - Yennik, Inc.

Internet Banking News
Brought to you by Yennik, Inc. the acknowledged leader in Internet auditing for financial institutions.

April 19, 2009

Does your financial institution need an affordable Internet security audit?  Yennik, Inc. has clients in 42 states that rely on our penetration testing audits to ensure proper Internet security settings and to meet the independent diagnostic test requirements of FDIC, OCC, OTS, FRB, and NCUA, which provides compliance with Gramm-Leach-Bliley Act 501(b).  The penetration audit and Internet security testing is an affordable, sophisticated process that goes far beyond the simple scanning of ports.  The audit focuses on a hacker's perspective, which will help you identify real-world weaknesses.  For more information, give R. Kinney Williams a call today at 806-798-7119 or visit http://www.internetbankingaudits.com/.

EU tells members to get ready for disaster - The EU is pushing the development of a strategy to protect Europe from cyber-attacks and disruptions. The guidelines - which amount to disaster recovery procedures for nations instead of individual corporate entities - are designed to cover incidents such as natural disasters, terrorist attacks, hackers, rupture of submarine telecom cables or hardware failure. http://www.theregister.co.uk/2009/03/31/eu_cyberattack_strategy/

Credit card data inadequately protected - The self-regulatory system credit card companies have created to protect consumer data sacrifices some consumer protections for the sake of conveniencing the credit card companies and their financial institution partners, retail representatives told Congress. http://news.cnet.com/8301-13578_3-10208827-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Kaiser fires 15 workers for snooping in octuplet mom's medical records - Another eight hospital employees disciplined for improperly accessing Nadya Suleman's files - A Kaiser Permanente hospital located in a Los Angeles suburb has fired 15 employees and reprimanded eight others for improperly accessing the personal medical records of Nadya Suleman, the California woman who gave birth to octuplets in January. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9130827

FTC site helps meeting "Red Flags Rule" - With the Federal Trade Commission (FTC) promising to begin enforcing the "Red Flags Rules" on May 1, the FTC launched on Thursday a website aimed at helping entities adhere to the requirements. http://www.scmagazineus.com/FTC-site-helps-meeting-Red-Flags-Rule/article/130084/?DCMP=EMC-SCUS_Newswire

Financial crisis fuels identity theft fears - Most Americans believe the world financial crisis has increased their risk of identity theft or related crimes, according to the latest Unisys Security Index. http://www.scmagazineus.com/Survey-Financial-crisis-fuels-identity-theft-fears/article/130205/?DCMP=EMC-SCUS_Newswire


Some UltraDNS customers knocked offline by attack - NeuStar confirmed that some of its UltraDNS managed DNS service customers were knocked offline for several hours Tuesday morning by a distributed denial of service attack. http://www.networkworld.com/news/2009/033109-ultradns-service-attacked.html

Stolen laptop contains pupils' data - A computer containing information about thousands of school children has been stolen from education headquarters. Burglars targeted Progress House, the main offices of Wigan Council's Children and Young People's Services, and took several laptop computers. http://www.leighjournal.co.uk/news/4255670.Stolen_laptop_contains_pupils__data/

FYI - Security breach under scrutiny at the Clark County auditor's office - Law enforcement has not been contacted - Concerns over applications installed on a computer in the Clark County auditor's office have prompted an internal investigation, but law enforcement officials have not been asked to get involved. http://www.newsandtribune.com/clarkcounty/local_story_094202804.html

FYI - 6,000 UW workers' personal information at risk - About 6,000 University of Washington employees were notified this week that their names and Social Security numbers were on a computer system that was hacked. http://seattletimes.nwsource.com/html/localnews/2008958501_uwdata01m.html

Paul McCartney's website hacked to distribute malware - The official website for former Beatle Paul McCartney was compromised to infect users through drive-by downloads. http://www.scmagazineus.com/Paul-McCartneys-website-hacked-to-distribute-malware/article/130330/?DCMP=EMC-SCUS_Newswire


WEB SITE COMPLIANCE - Non-Deposit Investment Products

Financial institutions advertising or selling non-deposit investment products on-line should ensure that consumers are informed of the risks associated with non-deposit investment products as discussed in the "Interagency Statement on Retail Sales of Non Deposit Investment Products."  On-line systems should comply with this Interagency Statement, minimizing the possibility of customer confusion and preventing any inaccurate or misleading impression about the nature of the non-deposit investment product or its lack of FDIC insurance.

We continue our series on the FFIEC interagency Information Security Booklet.  


Outsourced Development

Many financial institutions outsource software development to third parties. Numerous vendor management issues exist when outsourcing software development. The vendor management program established by management should address the following:

- Verifying credentials and contracting only with reputable providers;
- Evaluating the provider's secure development environment, including background checks on its employees and code development and testing processes;
- Obtaining fidelity coverage;
- Requiring signed nondisclosure agreements to protect the financial institution's rights to source code and customer data as appropriate;
- Establishing security requirements, acceptance criteria, and test plans;
- Reviewing and testing source code for security vulnerabilities, including covert channels or backdoors that might obscure unauthorized access into the system;
- Restricting any vendor access to production source code and systems and monitoring their access to development systems; and
- Performing security tests to verify that the security requirements are met before implementing the software in production.




3. Determine if appropriate message authentication takes place.


We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Initial Privacy Notice

3)  Does the institution provide to existing customers, who obtain a new financial product or service, an initial privacy notice that covers the customer's new financial product or service, if the most recent notice provided to the customer was not accurate with respect to the new financial product or service? [4(d)(1)]


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119



All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Copyright Yennik, Incorporated