R. Kinney Williams
Brought to you by
Yennik, Inc. the acknowledged leader in Internet auditing for financial
October 5, 2008
Your Financial Institution need an affordable Internet security
Yennik, Inc. has clients in 42 states
that rely on
our penetration testing audits
to ensure proper Internet security settings and
meet the independent diagnostic test
requirements of FDIC, OCC, OTS, FRB, and NCUA, which provides
Gramm-Leach Bliley Act 501(b).
The penetration audit and
Internet security testing is an affordable-sophisticated process than
goes far beyond the simple
scanning of ports. The audit
a hacker's perspective, which will help
you identify real-world weaknesses. For more information, give
R. Kinney Williams a call
today at 806-798-7119 or visit
LPL to pay $275K fine for hacking incidents - 10,000 clients left
vulnerable to ID theft in '07 - LPL Financial has agreed to pay a
$275,000 penalty for violating customers' privacy, the Securities
and Exchange Commission said.
Record number of active viruses measured - This summer's active
virus count hit record numbers, according to security firm Network
Box. August was the worst month for cybercrime, with threats
increasing by 51 percent.
Hacker answered personal questions to steal Palin password - The
hacker who broke into GOP vice presidential candidate Sarah Palin's
email correctly answered a few personal questions about the Alaska
governor to gain access to her Yahoo email account, according to a
first-person account posted to an internet forum.
Nevada Deadline on E-Mail Encryption Looming - On Oct. 1, the state
of Nevada will be requiring the encryption of all transmissions,
such as e-mail, for all businesses that send personal, identifiable
information over the Internet. The statute was signed into law in
2005 and is about to kick in as an enforceable law next month. Three
years flies when you're raking in chips at casinos and enjoying the
rising popularity of poker.
Two-thirds of firms hit by cybercrime - The Department of Justice
released data from its 2005 National Computer Security Survey last
week, finding that two-thirds of firms detected at least one
cybercrime during that year.
The actual survey results -
IT security in the executive suite - The campaign of Alaska Gov.
Sarah Palin was shocked - shocked! - to learn that hacktivists had
broken into a private Yahoo e-mail account belonging to the
Republican vice presidential nominee and posted some of the contents
on the Web.
GAO - DOD and VA Have Increased Their Sharing of Health Information,
but Further Actions Are Needed.
ATTACKS, INTRUSIONS, DATA THEFT & LOSS
ATF lost 76 weapons, hundreds of laptopsBy Lara Jakes Jordan,
Associated Press September 17, 2008 - The Bureau of Alcohol,
Tobacco, Firearms and Explosives lost 76 weapons and hundreds of
laptops over five years, the Justice Department reported Wednesday,
blaming carelessness and sloppy record-keeping.
Forever 21 says nearly 99,000 cards compromised in data thefts - The
thefts, which date back to 2004, were uncovered by the DOJ - Nearly
99,000 payment cards used by customers at several Forever 21 Inc.
retail stores may have been compromised in a series of data thefts
dating back to August 2004.
A London NHS hospital trust has admitted to losing almost 18,000
staff details on four CDs. The payroll details were lost on 22 July
while in transit between the salaries and wages department of
Whittington Hospital NHS Trust and payroll company McKesson, where
they were to be stored.
Confidential patient data lost on Teesdale street - TEESDALE is at
the centre of the latest data loss scandal after a memory stick
containing information on hundreds of NHS mental health patients was
found by a member of the public in a Barnard Castle street.
Palin e-mail hack - Report: FBI searches Tenn. student's apartment
in Palin hacking case Report - FBI agents served a search warrant on
Sunday at the Knoxville, Tenn., apartment of a college student whom
Internet sleuths last week had named as the hacker who accessed
Alaska Gov. Sarah Palin's e-mail account, a local television station
Return to the top
of the newsletter
WEB SITE COMPLIANCE -
We continue our review of the FFIEC interagency statement on "Weblinking:
Identifying Risks and Risk Management Techniques."
(Part 5 of 10)
B. RISK MANAGEMENT TECHNIQUES
Management must effectively plan, implement, and monitor the
financial institution's weblinking relationships. This includes
situations in which the institution has a third-party service
provider create, arrange, or manage its website. There are several
methods of managing a financial institution's risk exposure from
third-party weblinking relationships. The methods adopted to manage
the risks of a particular link should be appropriate to the level of
risk presented by that link as discussed in the prior section.
Planning Weblinking Relationships
In general, a financial institution planning the use of weblinks
should review the types of products or services and the overall
website content made available to its customers through the
weblinks. Management should consider whether the links support the
institution's overall strategic plan. Tools useful in planning
weblinking relationships include:
1) due diligence with respect to third parties to which the
financial institution is considering links; and
2) written agreements with significant third parties.
the top of the newsletter
INFORMATION TECHNOLOGY SECURITY -
continue our series on the FFIEC interagency Information Security
CONTROLS - IMPLEMENTATION -
A firewall is a collection of components (computers, routers, and
software) that mediate access between different security domains.
All traffic between the security domains must pass through the
firewall, regardless of the direction of the flow. Since the
firewall serves as a choke point for traffic between security
domains, they are ideally situated to inspect and block traffic and
coordinate activities with network IDS systems.
Financial institutions have four primary firewall types from which
to choose: packet filtering, stateful inspection, proxy servers, and
application-level firewalls. Any product may have characteristics of
one or more firewall types. The selection of firewall type is
dependent on many characteristics of the security zone, such as the
amount of traffic, the sensitivity of the systems and data, and
applications. Over the next few weeks we will discussed the different
types of firewalls.
Return to the top of the
C. HOST SECURITY
Determine whether an appropriate process exists to authorize access
to host systems and that authentication and authorization controls
on the host appropriately limit access to and control the access of
Return to the top of
INTERNET PRIVACY - We continue
our review of the issues in the "Privacy of Consumer Financial
Information" published by the financial regulatory agencies.
Definitions and Key Concepts
In discussing the duties and limitations imposed by the
regulations, a number of key concepts are used. These concepts
include "financial institution"; "nonpublic personal
information"; "nonaffiliated third party"; the
"opt out" right and the exceptions to that right; and
"consumer" and "customer." Each concept is
briefly discussed below. A more complete explanation of each appears
in the regulations.
A "financial institution" is any institution the
business of which is engaging in activities that are financial in
nature or incidental to such financial activities, as determined by
section 4(k) of the Bank Holding Company Act of 1956. Financial
institutions can include banks, securities brokers and dealers,
insurance underwriters and agents, finance companies, mortgage
bankers, and travel agents.
Nonaffiliated Third Party:
A "nonaffiliated third party" is any person except
a financial institution's affiliate or a person employed jointly by
a financial institution and a company that is not the institution's
affiliate. An "affiliate" of a financial institution is
any company that controls, is controlled by, or is under common
control with the financial institution.
|PLEASE NOTE: Some
of the above links may have expired, especially those from news
organizations. We may have a copy of the article, so please e-mail
us at firstname.lastname@example.org if we
can be of assistance.