Our bank needs a risk assessment for Live Chat. Does anyone know where I can find one to begin working with so we don't have to reinvent the wheel?
We’re not sure we offer any mobile financial services (MFS). Can you give us some examples of what these are?
Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
What are the specific requirements regarding the use of an Intrusion Detection System? Can we just check the log files of my PIX and verify that no unusual traffic has been logged? Or do we have to have an actual IDS in place that alerts us via email and/or pager in case of attack? We have 4 branch offices, of which 3 are connected to the main office via a wireless connection. We also have 4 home users that are connected via wireless connections. Do we have to have an IDS system for both the internet connection and the wireless connections?
Our entire WAN is wireless. Are there any guidelines that state we have to have RADIUS, 3DES, WEP, or any other security measure in place? We have measures in place, just want to see what's required.
The bank is uploading all of each day's new deposit statements to our ebanking vendor, including both statements for customers enrolled in Internet Banking and statements for those not enrolled in Internet Banking. For those who have enrolled in Internet Banking, we do have the permissible purpose of providing them access to their account statements; the ebanking vendor is providing this third-party service on the bank's behalf. However, for those customers who have not enrolled in Internet Banking, do we have a permissible purpose since the ebanking vendor is not providing a third-party service for these customers on the bank's behalf? [We do not offer an opt-out option.]
How do banks intend to monitor their service providers to confirm that they are maintaining appropriate security measures to safeguard the bank's customer information? We are looking for a practical, reasonable way to do this.
The federal banking regulators have agreed on final Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines"). You previously wrote two articles for us on the proposed guidelines. (See <a href="gurus_technology1211.html">Part 1</a> and <a href="gurus_technology1218.html">Part 2</a>.) Were there any surprises for you in the final version of Interagency Guidelines Establishing Standards for Safeguarding Customer Information? And could you give us a quick heads-up on what the final guidelines provide?