Control Tv Episode #2



Episode #2 - July 31, 2009

Episode length: 20 minutes, 26 seconds

Intro:
Have Questions?
What's Happening in the Forums?
  • Community: Geeks (IT Type Folks): Encrypting Emails
"Does anyone encrypt their emails? What method/software do you use? Or maybe what do you use to encrypt files that you send via email?"
Zix Corp
MailSafe from Perimeter: hosted solution

Compliance Challenge of the Week:
  • ID Theft Red Flags
Financial institutions are required to monitor red flags for ID theft. A red flag might be that a customer address change request is to an address that cannot be validated by credit report, utility bill, etc. If the institution cannot validate the address change, it throws up a red flag. These "red flags" require a response, which might be as simple as visiting the address to rule out ID theft.

Our ActionPack helps prevent ID theft by managing these red flags in the institution and, when it occurs, facilitating personnel alerts and prompt response to the identity theft. The ActionPack automatically audits and improves the institution's ID theft protection program. The ActionPack is complete with reporting, training and guidance tools: everything you'll need for Red Flags compliance. Here's what the ActionPack controls:
  • monitors ID theft incidents, so the institution can determine whether they have enough red flags to prevent ID theft
  • sends onDemand alerts such as suspicious activity to appropriate personnel. For example: Jim Kisch's checks were stolen from the mailbox, all tellers be on the alert!
  • manages the list of accounts that should be 'covered' by ID Theft Protection Program. Red flags should generally be established for personal, family or household accounts.
  • schedules the assessment to determine to what degree these 'covered' accounts are vulnerable to ID theft exploits
  • provides for a red flag detection and response analysis
  • monitors service provider red flags and ID theft protection measures; the institution's compliance is dependent on its service providers
  • scheduled ID theft awareness program complete with common methods of identity theft. Our helpful information coupled with incident reports and any of the institution's material will be circulated to personnel at least annually.
  • ID Theft Protection Program controls audit and "gap" analysis is performed at least once a year. All weaknesses in the institution's Red Flag will be addressed.
  • informs clients of common weaknesses and regulator concerns.

FreePolicyFriday:
The purpose of an incident response plan is to establish a formal procedure for handling suspected system intrusions, system misuse, or any situation where unauthorized access to confidential or customer information is detected.

Closing Comments:
  • interested in seeing the show live?
  • please leave any feedback in the comments section

1 comment:

David Gerbino commented...  

Sending customer data via e-mail is dangerous. Ease of use should not be part of the requirements. Secure solutions with vendors who are SOX and/or SAS 70 compliant are important. Many banks/credit unions have third party relationships where data is transferred between the bank and the vendor. I recommend double encryption. I swear by the PGP encryption tool to encrypt and compress data. Follow the specifications for strong passwords. Then send or receive the data with a secure web-based file exchange service. For example, FilesAnywhere.com, which allows you to simply e-mail links to your secure data.

@dmgerbino
