Episode #2 - July 31, 2009
Episode length: 20 minutes, 26 seconds
Intro:
- Find your hosts on Twitter: @SonyaJMills and @JimKisch
- www.continuity.net - Join Community and ask your banking peers
- Ask the Expert forums (on Community): Andy Greenawalt [Information security] and Jim Kisch [Compliance and Risk Management]
- LinkedIn: Compliance Support Group
- Twitter: @CE_Community and/or #ControlTv
- Community: Geeks (IT Type Folks): Encrypting Emails
  - Zix Corp
  - MailSafe from Perimeter: hosted solution
Compliance Challenge of the Week:
- ID Theft Red Flags
Our ActionPack helps prevent ID theft by managing these red flags in the institution and, when identity theft does occur, facilitates personnel alerts and a prompt response. The ActionPack automatically audits and improves the institution's ID theft protection program. The ActionPack is complete with reporting, training and guidance tools. Everything you'll need for Red Flags compliance. Here's what the ActionPack controls:
- monitors ID theft incidents, so the institution can determine whether they have enough red flags to prevent ID theft
- sends onDemand alerts, such as suspicious activity notices, to appropriate personnel. For example: Jim Kisch's checks were stolen from the mailbox, all tellers be on the alert!
- manages the list of accounts that should be 'covered' by ID Theft Protection Program. Red flags should generally be established for personal, family or household accounts.
- schedules the assessment to determine what degree these 'covered' accounts are vulnerable to ID theft exploits
- provides for a red flag detection and response analysis
- monitors service provider red flags and ID theft protection measures, since the institution's compliance depends on its service providers
- schedules an ID theft awareness program complete with common methods of identity theft. Our helpful information, coupled with incident reports and any of the institution's own material, will be circulated to personnel at least annually.
- performs an audit and "gap" analysis of the ID Theft Protection Program controls at least once a year. All weaknesses in the institution's Red Flags program will be addressed.
- informs clients of common weaknesses and regulator concerns.
FreePolicyFriday:
The purpose of an incident response plan is to establish a formal procedure for handling suspected system intrusions, system misuse, or any situation where unauthorized access to confidential or customer information is detected.
Closing Comments:
- interested in seeing the show live?
- please leave any feedback in the comments section
1 comment:
Sending customer data via e-mail is dangerous. Ease of use should not be part of the requirements. Secure solutions with vendors who are SOX and/or SAS 70 compliant are important. Many banks/credit unions have third party relationships where data is transferred between the bank and the vendor. I recommend double encryption. I swear by the PGP encryption tool to encrypt and compress data. Follow the specifications for strong passwords. Then send or receive the data with a secure web based file exchange service. For example, FilesAnywhere.com, who allows you to simply e-mail links to your secure data.
@dmgerbino