October 31, 1999
FYI - The GAO report to the Chairman of the Board of the Governors of the
Federal Reserve System on "Areas of Improvement in Computer Controls" can be
read at http://www.gao.gov/new.items/ai99280.pdf.
INTERNET SECURITY - Many break-ins or insider misuses of information occur due to poor
security programs. Hackers often exploit well-known weaknesses and security defects in
operating systems that have not been appropriately addressed by the institution.
Inadequate maintenance and improper system design may also allow hackers to exploit a
security system. New security risks arise from evolving attack methods or newly detected
holes and bugs in existing software and hardware. Also, new risks may be introduced as
systems are altered or upgraded, or through the improper setup of available
FYI - Your Network Administrator needs to stay abreast of new security threats and
vulnerabilities. It is equally important that you keep up to date on the latest security
patches and version upgrades that are available to fix security flaws and bugs.
Information security and relevant vendor Web sites contain much of this information. While
I monitor Novell and Microsoft's newsletters for any potential problems, you should also
be reviewing your vendor's web site for new security threats and vulnerabilities that
affect your computer operations.
INTERNET COMPLIANCE - Generally, Internet web sites are considered advertising by the
regulatory agencies. In some cases, the regulations contain special rules for
multiple-page advertisements. It is not yet clear what would constitute a single
"page" in the context of the Internet or on-line text. Thus, you should
carefully review your on-line advertisements in an effort to minimize compliance risk.
In addition, Internet sites in which a credit application can be made on-line may be
considered "places of business" under HUD's rules prescribing lobby notices.
Thus, institutions may want to consider including the "lobby notice,"
particularly in the case of interactive systems that accept on-line applications.
WEB PAGES - If you link your web pages to other sites, the following or similar disclaimer
is recommended as a separate web page when the visitor leaves your site. " Links to
other web sites found here are provided to assist in locating information. The mere fact
that there is a link between this web site and another does not constitute a product or
program endorsement by your bank or any of its affiliates or employees. The bank has no
responsibility for content of the web sites found at these links, or beyond, and does not
attest to the accuracy or propriety of any information located there. "