November 3, 2002
FYI - GAO report on Employee Privacy: Computer-Use Monitoring Practices and Policies of Selected Companies. GAO-02-717 http://www.gao.gov/cgi-bin/getrpt?GAO-02-717
FYI - Basel Committee Report on "Management and Supervision of Cross-Border Electronic Banking Activities," which is a follow-up to the OCC's "Risk Management Principles for E-Banking" released in May 2001. http://www.occ.treas.gov/netbank/bcbs93.pdf
FYI - FBI Struggling to Stop Cybercrime - Failure to report known or suspected incidents is hindering the government's ability to keep the Internet safe, FBI says. http://www.pcworld.com/news/article/0,aid,106580,tk,dn110102X,00.asp
FYI - The Sarbanes-Oxley Act of 2002 - The recently enacted Sarbanes-Oxley Act of 2002 includes provisions addressing audits, financial reporting and disclosure, conflicts of interest, and corporate governance at public companies. www.federalreserve.gov/boarddocs/srletters/2002/sr0220.htm
FYI - U.S. Department of Treasury FinCEN Patriot Act Communication System - This advisory letter transmits a U.S. Department of Treasury, Financial Crimes Enforcement Network news release, dated October 1, 2002. The attached news release announces FinCEN's new electronic communications system, the Patriot Act Communication System.
Press Release: www.occ.treas.gov/ftp/advisory/2002-8.txt
Attachment: http://www.fincen.gov/newsreleasepacs10012002.pdf
FYI - You may dread monthly bills in the mailbox, but consider them
a perk. Some companies are charging for them. http://www.nytimes.com/2002/10/29/technology/29BILL.html?ex=1036558800
FYI - Wireless Security - Collaboration is key in the rapid-paced and increasingly connected business world. At many companies, that means giving employees the technology tools they need and creating ways for them to work together seamlessly. http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=501
FYI - A report released Wednesday by congressional investigators found government agencies frequently share information gleaned from various federal applications - sometimes without the applicant's knowledge of where it might go. And it's legal. http://www.salon.com/tech/wire/2002/10/31/personal_data/index.html?x
INTERNET COMPLIANCE - Electronic Delivery of Federally Mandated Disclosures
The Federal Reserve Board published interim final rules to establish
uniform standards for the electronic delivery of federally mandated
disclosures under five consumer protection regulations: B (Equal
Credit Opportunity), E (Electronic Fund Transfers), M (Consumer
Leasing), Z (Truth in Lending), and DD (Truth in Savings).
Under the rules, financial institutions, creditors, lessors, and
others may deliver disclosures electronically if they obtain
consumers' consent in accordance with the requirements of the
Electronic Signatures in Global and National Commerce Act (the
"E-Sign Act"), enacted in June 2000. The Board's interim
rules provide guidance on the timing and delivery of electronic
disclosures, consistent with proposed rules issued by the Board in
August 1999, to ensure consumers have adequate opportunity to access
and retain the information.
INTERNET SECURITY - We continue our review of the FDIC paper "Risk Assessment Tools and Practices for Information System Security."
To ensure the security of information systems and data, financial
institutions should have a sound information security program that
identifies, measures, monitors, and manages potential risk exposure.
Fundamental to an effective information security program is ongoing
risk assessment of threats and vulnerabilities surrounding networked
and/or Internet systems. Institutions should consider the various
measures available to support and enhance information security
programs. The appendix to this paper describes certain vulnerability
assessment tools and intrusion detection methods that can be useful
in preventing and identifying attempted external break-ins or
internal misuse of information systems. Institutions should also
consider plans for responding to an information security incident.
PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions. When you answer the question each week, you will help ensure compliance with the privacy regulations.
40. Does the institution provide at least one initial, annual,
and revised notice, as applicable, to joint consumers? [§9(g)]
IN CLOSING - The Gramm-Leach-Bliley Act, best practices, and examiners recommend a penetration study of your Internet connection. The Vulnerability Internet Security Test Audit (VISTA) is an independent penetration study of {custom4}'s network connection to the Internet that meets the regulatory requirements. As professional IT auditors, we provide an independent review of the vulnerability test results and an audit letter to your Board of Directors certifying the test results. For answers to your questions about vulnerability testing go to https://internetbankingaudits.com/frequently_asked_questions.htm.