Solved

Credit Union Supervisory Committee Question for CIO

Posted on 2013-12-12
Last Modified: 2015-03-19
This may be way off topic for this site but here it goes.  I am on a supervisory committee for a credit union and we have our annual questionnaire to pose to management.  We would like an overview from the CIO as to what safeguards are in place to protect members' data.  What questions should be asked and how should the question be written?  The majority of the committee members are not tech savvy, so the answer we would be looking for is more of an overview of what is in place to secure the data.  Any help with this would be greatly appreciated.
Question by:brisma
5 Comments
 
LVL 9

Expert Comment

by:tsaico
ID: 39715461
Some of the most common ones I see, in no particular order:
1. Do all desktops have real-time AV on them?
2. How are these AV applications updated?  Manually, automatic, scheduled?
3. Is the backup solution encrypted, and is this vendor listed on the Approved vendor list?
   - If not, then describe the process by which it is protected from unauthorized use.
4. Is there 3rd party remote control software in use?
5. Are there wireless access points in use?
6. Describe the process used to decommission office equipment at the end of its useful life.
7. Are end users allowed to use USB or other removable media?
   - If yes, how is this controlled/audited?
8. What process/steps/audit trail is in place to prove the above is being adhered to?
   - I.e., is there an IT asset log, AV reports, IT destruction log, etc.?
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39715538
There are 'official' standards for IT security for financial institutions and the Payment Card Industry Data Security Standards (PCI-DSS).  Here's the site for PCI-DSS: https://www.pcisecuritystandards.org/  I'm sure there is another one (or more) for banks and credit unions.  There are also extensive accounting standards that they have to meet.

Note that to maintain 'accreditation', credit unions and banks have to pass at least quarterly scans and audits to maintain their insurance if nothing else.  You might ask if those reports are available or at least information about them.
 

Assisted Solution

by:brisma
brisma earned 0 total points
ID: 39717655
Thanks for the suggestions.  I am familiar with PCI-DSS.  I think the questions posed are good ones by tsaico.  I am trying to keep the questions and answers on a layman's level as other committee members are not technically savvy.
