R. Kinney Williams & Associates

Internet Banking News

June 26, 2005


FYI - Data losses push businesses to encrypt backup tapes - The loss of personal data of millions of consumers is prompting companies to embrace security technology they have neglected.  http://www.usatoday.com/tech/news/2005-06-13-encrypt-usat_x.htm

FYI - Two PCs with Motorola staff data stolen - Two computers containing personal information on Motorola employees were stolen from the mobile phone maker's human resources services provider, Affiliated Computer Services, the latest in a series of incidents of companies losing control of employee data.
http://news.com.com/2102-1029_3-5743173.html?tag=st.util.print
http://www.computerworld.com/printthis/2005/0,4814,102458,00.html

FYI - Feds miss mark on security reporting - Federal agencies need more detailed instructions to handle and report computer security threats, such as phishing, spyware and hacking, government auditors said in a report released today.  http://www.fcw.com/article89234-06-13-05-Web

FYI - GAO - Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems.
Report - http://www.gao.gov/cgi-bin/getrpt?GAO-05-231
Highlights - http://www.gao.gov/highlights/d05231high.pdf

FYI - Password safety 'foreign' to most staff - Nearly half of all IT managers have major concerns about the level of password management within their company, a report has revealed. http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=9b0ef21e-c102-4950-bda4-f7302c8625c4&newsType=Latest%20News&s=n


FYI - How to Protect Against Anonymous User Connections - Developing an audit program that monitors anonymous connections can help prevent external threats to computer systems. Many organizations may not be aware they are leaving their networks open to hackers, virus writers, and unauthorized insiders. The culprit: anonymous user connections. http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5622

FYI - Utah bank says big breach put its data at risk - A small bank in Utah is the latest company to become entangled in the controversy over a security breach that has put personal data on 40 million cardholders at risk for fraud. http://news.com.com/2102-1029_3-5758882.html?tag=st.util.print

FYI - Details emerge on credit card breach - More details emerged Monday on the cyberbreak-in at a payment processing company that exposed more than 40 million credit card accounts to fraud. http://news.com.com/2102-7349_3-5754661.html?tag=st.util.print

WEB SITE COMPLIANCE -
Reserve Requirements of Depository Institutions (Regulation D)

Pursuant to the withdrawal and transfer restrictions imposed on savings deposits, electronic transfers, electronic withdrawals (paid electronically) or payments to third parties initiated by a depositor from a personal computer are included as a type of transfer subject to the six transaction limit imposed on passbook savings and MMDA accounts.

Institutions also should note that, to the extent stored value or other electronic money represents a demand deposit or transaction account, the provisions of Regulation D would apply to such obligations. 

Consumer Leasing Act (Regulation M)


The regulation provides examples of advertisements that clarify the definition of an advertisement under Regulation M. The term advertisement includes messages inviting, offering, or otherwise generally announcing to prospective customers the availability of consumer leases, whether in visual, oral, print, or electronic media. Included in the examples are on-line messages, such as those on the Internet. Therefore, such messages are subject to the general advertising requirements.

INFORMATION TECHNOLOGY SECURITY
We continue the series from the FDIC "Security Risks Associated with the Internet."

SECURITY MEASURES


System Architecture and Design 


Measures to address access control and system security start with the appropriate system architecture. Ideally, if an Internet connection is to be provided from within the institution, or a Web site established, the connection should be entirely separate from the core processing system. If the Web site is placed on its own server, there is no direct connection to the internal computer system. However, appropriate firewall technology may be necessary to protect Web servers and/or internal systems. 


Placing a "screening router" between the firewall and other servers provides an added measure of protection, because requests could be segregated and routed to a particular server (such as a financial information server or a public information server). However, some systems may be considered so critical that they should be completely isolated from all other systems or networks. Security can also be enhanced by sending electronic transmissions from external sources to a machine that is not connected to the main operating system.


IT SECURITY QUESTION:  IT insurance maintained:

a. Blanket bond
b. Equipment and Facilities insurance
c. Media Reconstruction insurance
d. Electronic Funds Transfer insurance
e. Business Interruptions insurance
f. Errors and Omissions insurance
g. Extra Expense and/or Backup Site Expense insurance
h. Items in Transit insurance
i. Internet banking coverage

INTERNET PRIVACY - We continue our series listing the regulatory-privacy examination questions. When you answer the question each week, you will help ensure compliance with the privacy regulations.

27. If each joint consumer may opt out separately, does the institution permit:

a. one joint consumer to opt out on behalf of all of the joint consumers; [7(d)(3)]

b. the joint consumers to notify the institution in a single response; [7(d)(5)] and

c. each joint consumer to opt out either for himself or herself, and/or for another joint consumer? [7(d)(5)]


VISTA - Do you need an affordable Internet security penetration-vulnerability test? Our clients in 41 states rely on VISTA to ensure their IT security settings, as well as to meet the independent diagnostic test requirements of FDIC, OCC, OTS, FRB, and NCUA, which provides compliance with Gramm-Leach-Bliley Act 501(b). The VISTA penetration study and Internet security test is an affordable, sophisticated process that goes far beyond the simple scanning of ports; the testing focuses on a hacker's perspective, which will help you identify real-world weaknesses. For more information, give Kinney Williams a call today at 806-798-7119 or visit http://www.internetbankingaudits.com/.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated