Solved

Credit Union Supervisory Committee Question for CIO

Posted on 2013-12-12
5
49 Views
Last Modified: 2015-03-19
This may be way off topic for this site but here it goes.  I am on a supervisory committee for a credit union and we have our annual questionnaire to pose to management.  We would like a overview from the CIO as to what safeguards are in place to protect members data.  What questions should be asked and how should the question be written?  The majority of the committee members are not tech savvy, so the answer we would be looking for is more of an overview of what is in place to secure the data.  Any help with this would be greatly appreciated.
0
Comment
Question by:brisma
5 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39715461
Some of the most common ones I see, in no particular order,
1. Do all desktops have real-time AV on them?
2. How are these AV applications updated?  Manually, automatic, scheduled?
3. Is the backup solution encrypted, is this vendor listed on the Approved vendor list?
   -if not, then describe the process in which is is protected from unauthorized use?
4. Is there 3rd party remote control software in use
5. are their wireless access points in use
6. Describe the process used to decommission office equipment at the end of it useful life?
7. Are end users allowed to use USB or other removable media?
  -If yes, how is this controlled/audited?
8. What process/steps/audit trail is in place to prove the above is being adhered to?
   - IE is there a IT asset log, AV reports, IT destruction log, etc.
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39715538
There are 'official' standards for IT security for financial institutions and the Payment Card Industry Data Security Standards (PCI-DSS).  Here's the site for PCI-DSS: https://www.pcisecuritystandards.org/  I'm sure there is another one (or more) for banks and credit unions.  There are also extensive accounting standards that they have to meet.

Note that to maintain 'accreditation', credit unions and banks have to pass at least quarterly scans and audits to maintain their insurance if nothing else.  You might ask if those reports are available or at least information about them.
0
 

Assisted Solution

by:brisma
brisma earned 0 total points
ID: 39717655
Thanx for the suggestions.  I am familiar with PCI-DSS.  I think the questions posed are good ones by tsaico.  I am trying to keep the questions and answers on a laymen's level as other committee members are not technically savvy.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Security, hackers 10 112
Ransome Ware Question 10 123
Questions Vulnerability apps and results 3 53
internet access from windows servers 4 53
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
OfficeMate Freezes on login or does not load after login credentials are input.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now