Intrusion Testing Policies
Published by Grant Thornton, LLC

Internet banking provides community banks with new avenues of services, revenues, and risks. Intrusion Testing Policies assure community banks that their Web sites and other access devices safely restrict account access while providing reliable and convenient services to business and consumer customers.

Because unauthorized access can come from both external and internal sources, financial institutions must demonstrate in their policies a clear understanding of risks, the estimated value of possible losses, and the likelihood of occurrence. They also must take responsibility for implementation of appropriate mitigation procedures.

Topics covered include:
Introduction; Industry status; Regulator issues; Customer concerns
Developing security policies
Intrusion risk assessment plan; Identify possible costs; Failure to use due diligence
Risk information; Rate risks; Security plan
Risk mitigation controls; Encryption; Authentication
Other authentication options; Software integrity; System components; Modem risks & protections
Intrusion detection software; Firewalls; Records; Employees, contractors & vendors
Intrusion response policies and procedures; Annual review; Response to an intrusion
Employee decision-making and action authority; Availability of resources; Restoration tools and techniques
Notification procedures; Filing a suspicious activity report (SAR); About the FS/ISAC
About the National Infrastructure Protection Center; About the CERT Coordination Center
Staff training and testing procedures; Appendices