July 14, 2002

FYI - Web server vulnerability reaches all-time high. http://www.theregister.co.uk/content/55/26049.html

FYI - Legislation to create a Homeland Security Department, a top congressional priority, has begun to attract previously introduced cybersecurity and other technology-related bills as riders. http://www.govexec.com/dailyfed/0702/070302td1.htm

FYI - Power and energy companies have become targets for computer hackers who have managed to penetrate energy control networks as well as administrative systems, according to a newspaper report. http://www.cbsnews.com/stories/2002/07/08/tech/main514426.shtml

FYI - Specially Designated Nationals and Blocked Persons - On June 27, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding two names. It also redesignated one entry, with new information added, on its list of Specially Designated Global Terrorists. www.fdic.gov/news/news/financial/2002/fil0276.html

FYI - IT experts explain how a hacker could have broken into account-holders' PCs to get their user IDs to transfer funds in the recent DBS case. http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8448

FYI - Internet misuse leads to layoffs. http://news.com.com/2110-1023-942502.html?tag=cdshrt

FYI - The Sept. 11 hijackers were able to open 35 American bank accounts without having legitimate Social Security numbers and opened some of the accounts with fabricated Social Security numbers that were never checked or questioned by bank officials, a senior F.B.I. official said. http://www.nytimes.com/2002/07/10/national/10TERR.html
INTERNET COMPLIANCE - Expedited Funds Availability Act (Regulation CC)

Generally, the rules pertaining to the duty of an institution to make deposited funds available for withdrawal apply in the electronic financial services environment. This includes rules on fund availability schedules, disclosure of policy, and payment of interest. Recently, the FRB published a commentary that clarifies requirements for providing certain written notices or disclosures to customers via electronic means. Specifically, the commentary to the regulations states that a financial institution satisfies both the written exception hold notice requirement and the general disclosure requirement by sending an electronic version that displays the text and is in a form that the customer may keep. However, the customer must agree to such means of delivery of notices and disclosures. Information is considered to be in a form that the customer may keep if, for example, it can be downloaded or printed by the customer. To reduce compliance risk, financial institutions should test their programs' ability to provide disclosures in a form that can be downloaded or printed.
INTERNET SECURITY - We continue the series from the FDIC "Security Risks Associated with the Internet." While this Financial Institution Letter was published in December 1997, the issues are still relevant.
Product Certification and Security Scanning Products

Several organizations independently assess and certify the adequacy of firewalls and other computer-system-related products. Typically, certified products have been tested for their ability to permit and sustain business functions while protecting against both common and evolving attacks.

Security scanning tools should be run frequently by system administrators to identify any new vulnerabilities or changes in the system. Ideally, the scan should be run both with and without the firewall in place so the firewall's protective capabilities can be fully evaluated. Identifying the susceptibility of the system without the firewall is useful for determining contingency procedures should the firewall ever go down. Some scanning tools are offered in different versions with varying degrees of intrusion/attack attempts.
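One way to act on the "with and without the firewall" recommendation above is to compare the two scan results against each other and against the last approved scan, so that what the firewall screens and what has changed since the baseline are reported explicitly. The following is an added example, not code from the FDIC letter; the scan input format (one "host port/proto service" line per open port) and the host values are constructed assumptions.

```python
# Added example, not part of the FDIC letter: compare a scan taken without the
# firewall with one taken through it, and the latter with a stored baseline, so
# the firewall's protective value and any newly exposed service are explicit.
# The scan format is assumed: one "host port/proto service" line per open port.

SCAN_NO_FIREWALL = """\
10.0.0.5 22/tcp ssh
10.0.0.5 80/tcp http
10.0.0.5 443/tcp https
10.0.0.5 3306/tcp mysql
10.0.0.5 5900/tcp vnc
"""
SCAN_WITH_FIREWALL = """\
10.0.0.5 80/tcp http
10.0.0.5 443/tcp https
10.0.0.5 5900/tcp vnc
"""
BASELINE_WITH_FIREWALL = """\
10.0.0.5 80/tcp http
10.0.0.5 443/tcp https
"""

def parse_scan(text):
    """Return the set of (host, port/proto) pairs found open in a scan."""
    exposed = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:          # skip blank or malformed lines
            exposed.add((parts[0], parts[1]))
    return exposed

def evaluate(no_fw, with_fw, baseline):
    """Summarise what the firewall screens, what stays reachable, and what changed."""
    outside, inside, base = parse_scan(no_fw), parse_scan(with_fw), parse_scan(baseline)
    return {
        # screened only by the firewall: reachable the moment it goes down
        "blocked_by_firewall": sorted(outside - inside),
        # still reachable with the firewall up
        "reachable_through_firewall": sorted(inside),
        # not in the last approved scan: a change to investigate
        "new_since_baseline": sorted(inside - base),
        # approved services that vanished: also confirm this was intended
        "gone_since_baseline": sorted(base - inside),
    }

if __name__ == "__main__":
    for key, value in evaluate(SCAN_NO_FIREWALL, SCAN_WITH_FIREWALL, BASELINE_WITH_FIREWALL).items():
        print(key, value)
```

The "blocked_by_firewall" list is the exposure to plan contingency procedures around, and "new_since_baseline" is what a frequent re-scan should flag for review.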
PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions. When you answer the question each week, you will help ensure compliance with the privacy regulations.

21. Does the institution provide the consumer with the following information about the right to opt out:
a. all the categories of nonpublic personal information that the institution discloses or reserves the right to disclose; [§7(a)(2)(i)(A)]
b. all the categories of nonaffiliated third parties to whom the information is disclosed; [§7(a)(2)(i)(A)]
c. that the consumer has the right to opt out of the disclosure of that information; [§7(a)(2)(i)(A)] and
d. the financial products or services that the consumer obtains to which the opt out direction would apply? [§7(a)(2)(i)(B)]