It is not unusual for a community financial institution with limited personnel to have the Information Security Officer (ISO) act as a backup network administrator. In fact, this is a relatively common practice in an environment where key personnel will typically wear several hats. And there are practical reasons for this; the ISO is typically […]
I’ll be posting my list of audit and examination trends for 2011 soon, but this article by me on a similar topic was just published in Bank Technology News.
At a recent user group meeting of one of the major core vendors for community banks, I asked the question ‘how many of you use an IT or Tech Steering Committee?’. I was expecting a vast majority of hands to go up, but only about half did. This was surprising to me, given that: The […]
In my last post, I asked you to weigh in on what question you wanted me to address in this final post of the series. This one came from a bank that was in the process of actually filling out the questionnaire, and it’s a good one. It’s found in the Vendor Management section: “Has […]
Last time in Part 3 we discussed (at some length) the FDIC IT Exam question “Are project management techniques and system development life cycle processes used to guide efforts at acquiring and implementing technology (Y/N)?”. This time, we address a question from the Part 3 – Audit/Independent Review Program section titled: “Are the results of […]
Last time in Part 2 we tackled “Does the bank’s strategic planning process incorporate information security (Y/N)?” from the FDIC IT Examination…
Last time we addressed a question from the FDIC IT Examination Questionnaire, found in PART 2, OPERATIONS SECURITY AND RISK MANAGEMENT…
…and how to answer them. Actually, answering them is the easy part, they all require a “Y”. Documenting the basis for your answer is a bit harder. Because each question really requires it’s own discussion, I will address each one in separate posts. Also, the questionnaire I will be referring to is the newer 12/07 […]