It is not unusual for a community financial institution with limited personnel to have the Information Security Officer (ISO) act as a backup network administrator. In fact, this is a relatively common practice in an environment where key personnel will typically wear several hats. And there are practical reasons for this; the ISO is typically […]
The Pendulum Swings in 2011?
I’ll be posting my list of audit and examination trends for 2011 soon, but this article by me on a similar topic was just published in Bank Technology News.
The IT Steering Committee – Should or Must?
At a recent user group meeting of one of the major core vendors for community banks, I asked the question ‘how many of you use an IT or Tech Steering Committee?’. I was expecting a vast majority of hands to go up, but only about half did. This was surprising to me, given that: The […]
The 5 trickiest FDIC IT examination questions (part 5).
In my last post, I asked you to weigh in on what question you wanted me to address in this final post of the series. This one came from a bank that was in the process of actually filling out the questionnaire, and it’s a good one. It’s found in the Vendor Management section: “Has […]
The 5 trickiest FDIC IT examination questions (part 4).
Last time in Part 3 we discussed (at some length) the FDIC IT Exam question “Are project management techniques and system development life cycle processes used to guide efforts at acquiring and implementing technology (Y/N)?”. This time, we address a question from the Part 3 – Audit/Independent Review Program section titled: “Are the results of […]
The 5 trickiest FDIC IT examination questions (part 3).
Last time in Part 2 we tackled “Does the bank’s strategic planning process incorporate information security (Y/N)?” from the FDIC IT Examination…
The 5 trickiest FDIC IT examination questions (part 2).
Last time we addressed a question from the FDIC IT Examination Questionnaire, found in PART 2, OPERATIONS SECURITY AND RISK MANAGEMENT…
The 5 trickiest FDIC IT examination questions (part 1).
…and how to answer them. Actually, answering them is the easy part, they all require a “Y”. Documenting the basis for your answer is a bit harder. Because each question really requires it’s own discussion, I will address each one in separate posts. Also, the questionnaire I will be referring to is the newer 12/07 […]