Solved

Credit Union Supervisory Committee Question for CIO

Posted on 2013-12-12
Last Modified: 2015-03-19
This may be way off topic for this site, but here goes.  I am on a supervisory committee for a credit union and we have our annual questionnaire to pose to management.  We would like an overview from the CIO as to what safeguards are in place to protect members' data.  What questions should be asked and how should the question be written?  The majority of the committee members are not tech savvy, so the answer we would be looking for is more of an overview of what is in place to secure the data.  Any help with this would be greatly appreciated.
Question by: brisma
5 Comments
Expert Comment

by: tsaico
ID: 39715461
Some of the most common ones I see, in no particular order:
1. Do all desktops have real-time AV on them?
2. How are these AV applications updated?  Manually, automatically, scheduled?
3. Is the backup solution encrypted, and is this vendor listed on the approved vendor list?
   - If not, then describe the process by which it is protected from unauthorized use.
4. Is there 3rd-party remote control software in use?
5. Are there wireless access points in use?
6. Describe the process used to decommission office equipment at the end of its useful life.
7. Are end users allowed to use USB or other removable media?
   - If yes, how is this controlled/audited?
8. What process/steps/audit trail is in place to prove the above is being adhered to?
   - i.e. is there an IT asset log, AV reports, IT destruction log, etc.?
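Item 8 above asks for an audit trail proving the other items are actually in place. The script below is an added example, not code from the thread or from either poster, showing how a CIO could collect that evidence from a single Windows workstation so the committee gets a report rather than a verbal assurance. It assumes Windows 10/11 with Microsoft Defender and BitLocker present, the list of remote-control product names is an assumption, and the CSV output path is arbitrary; PowerShell is used because these questions are answered on the desktop fleet itself.

```powershell
# Added example (not from the original thread): gather evidence for questionnaire
# items 1, 2, 3, 4, 5 and 7 on one Windows workstation and append a row to a CSV.
# Assumes Windows 10/11 with Microsoft Defender and BitLocker cmdlets available.
param(
    [string] $OutFile = "$env:COMPUTERNAME-safeguards.csv"   # assumed output location
)

$evidence = [ordered]@{
    Computer  = $env:COMPUTERNAME
    Collected = (Get-Date).ToString('s')
}

# Items 1/2: is real-time AV on, and how old are its signatures?
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $evidence.RealTimeProtection = $mp.RealTimeProtectionEnabled
    $evidence.SignatureAgeDays   = $mp.AntivirusSignatureAge
    $evidence.LastFullScan       = $mp.FullScanEndTime
} catch {
    $evidence.RealTimeProtection = 'Defender cmdlets not available'
}

# Item 3 (local side): is the operating-system volume encrypted?
try {
    $osVol = Get-BitLockerVolume -ErrorAction Stop | Where-Object VolumeType -eq 'OperatingSystem'
    $evidence.OSVolumeProtection = ($osVol | Select-Object -ExpandProperty ProtectionStatus) -join ','
} catch {
    $evidence.OSVolumeProtection = 'BitLocker cmdlets not available'
}

# Item 4: any third-party remote-control products in the installed-software list?
# (Product name list is an assumption; extend it to match what your vendors ship.)
$remoteTools = 'TeamViewer', 'AnyDesk', 'LogMeIn', 'VNC', 'GoToAssist', 'Splashtop'
$installed = Get-ItemProperty `
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName
$evidence.RemoteControlSoftware = ($installed | Where-Object {
    $name = $_
    $remoteTools | Where-Object { $name -like "*$_*" }
}) -join '; '

# Item 5: wireless adapters on this machine and whether they are up.
$evidence.WirelessAdapters = (Get-NetAdapter -ErrorAction SilentlyContinue |
    Where-Object { $_.PhysicalMediaType -eq 'Native 802.11' -or
                   $_.InterfaceDescription -match 'Wi-?Fi|Wireless' } |
    ForEach-Object { "$($_.Name):$($_.Status)" }) -join '; '

# Item 7: Group Policy "All Removable Storage classes: Deny all access" writes
# Deny_All=1 under this key; absence means no removable-storage policy applies.
$rsd = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' `
    -ErrorAction SilentlyContinue
$evidence.RemovableStorageDenyAll = if ($rsd) { [bool]$rsd.Deny_All } else { 'No policy set' }

# Item 8: one evidence row per machine; run fleet-wide and keep the CSV as the audit log.
[pscustomobject]$evidence | Export-Csv -Path $OutFile -NoTypeInformation -Append
[pscustomobject]$evidence
```

Run it with administrative rights (the BitLocker and Defender cmdlets require them) via the endpoint management tool already in use, and present the resulting CSV to the committee; a blank "No policy set" or "RemoteControlSoftware" entry is exactly the kind of finding items 4 and 7 are meant to surface.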
Accepted Solution

by: Dave Baldwin (earned 2000 total points)
ID: 39715538
There are 'official' standards for IT security for financial institutions and the Payment Card Industry Data Security Standard (PCI DSS).  Here's the site for PCI DSS: https://www.pcisecuritystandards.org/  I'm sure there is another one (or more) for banks and credit unions.  There are also extensive accounting standards that they have to meet.

Note that to maintain 'accreditation', credit unions and banks have to pass at least quarterly scans and audits to maintain their insurance if nothing else.  You might ask if those reports are available or at least information about them.
Assisted Solution

by: brisma (earned 0 total points)
ID: 39717655
Thanks for the suggestions.  I am familiar with PCI-DSS.  I think the questions posed by tsaico are good ones.  I am trying to keep the questions and answers on a layman's level as other committee members are not technically savvy.