Information Security for Financial Institutions: Operations, Technology, and Compliance
Terms & conditions
Subscribers receive the product(s) listed on the Order Form and any Updates made available during the annual subscription period. Shipping and handling fees are not included in the annual price.
Subscribers are advised of the number of Updates that were made to the particular publication the prior year. The number of Updates may vary due to developments in the law and other publishing issues, but subscribers may use this as a rough estimate of future shipments. Subscribers may call Customer Support at 800-833-9844 for additional information.
Subscribers may cancel this subscription by: calling Customer Support at 800-833-9844; emailing customer.support@lexisnexis.com; or returning the invoice marked "CANCEL".
If subscribers cancel within 30 days after the product is ordered or received and return the product at their expense, then they will receive a full credit of the price for the annual subscription.
If subscribers cancel between 31 and 60 days after the invoice date and return the product at their expense, then they will receive a 5/6th credit of the price for the annual subscription. No credit will be given for cancellations more than 60 days after the invoice date. To receive any credit, subscriber must return all product(s) shipped during the year at their expense within the applicable cancellation period listed above.
The total price includes the product(s) listed in the Order Form and any Updates for a limited period (minimum period of 30 days) after the order is placed ("Order Window"). Shipping and handling fees are not included in the grand total price.
All shipments may be returned, at subscribers' expense, for full credit of the Price within 30 days of receipt.
Shipments may not be returned, and no credits will be issued, more than 30 days after receipt.
After the Order Window, subscribers will receive notice of Updates along with the then-current grand total price and order process as Updates become available. Subscribers will only be shipped those Updates they specifically request.
Product description
Your customers count on you to protect their information -- and so do your regulators! Get the expert guidance you need to safeguard your customers' information with Information Security for Financial Institutions.
Protecting your customers' information has never been more critical to your business -- or more challenging. Advances in technology, along with increased regulatory scrutiny, require your immediate and careful attention. Information Security for Financial Institutions helps you put together an information security program that will pass muster with both the regulators and your customers.
This manual takes you step-by-step through a security planning process that helps you assess business risks and related threats, deflect threats, build more secure systems, and continuously monitor and improve security.
• Expert, practical guidance helps you develop and implement an information security program -- or improve your existing program.
• Compliance is built in -- just follow our plan to stay in compliance with the regulatory guidelines.
• Forms, diagrams, charts, glossary, risk assessment worksheets, and other tools make your planning process easier, yet more comprehensive.
• Organized by the six phases of security planning: risk assessment, protective controls, detective controls, technology management, response management, and compliance management -- so you can find the information you need quickly.
• Use our sample policies and monitoring tools to set up your own compliance manual.
Subscribers will receive a downloadable file containing editable forms.
Editable Documents
The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:
• The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.
• Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully formatted and will be updated to reflect changes made in the corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, checklists, sample policies, sample procedures, sample audits, questionnaires, and model forms.
This publication includes editable Word files for the following documents:
No. Title
2.2 Computer Hardware Inventory
2.3 Computer Software Inventory
2.4 Data Communications Inventory
2.5 Risk Mitigation Worksheet
3.1 Insurance Analysis Worksheet – Real and Personal Property
3.2 Insurance Records Form
5.1 Facility Security Requirements
5.2 Visitor Sign-In Log
5.3 Records Retention Schedule
7.1 E-Mail Account/NT Domain Account Request Form
7.2 Password Receipt
7.3 Password Recommendations
8.1 Glossary of Server Security Terms
8.2 Server Security Acronyms and Abbreviations
8.3 POSIX System Security Checklist
8.4 OS/400 System Security Checklist
8.5 Server Security Policy
8.6 Server Virtualization Policy
9.2 Firewall Features, Functions, and Capabilities
11.1 Representative Commercial Software Products
12.1 Application Checklist
12.2 Glossary of Patch Management Terms
12.3 Patching Resources
12.4 Virus Software Download/Update/Security Centers
12.5 Vulnerability Advisory Resources
12.6 ICAT Metabase Information
12.7 Sample Patch Management and Control Policy
14.1 Acceptable Use Policy
14.2 Social Media Policy
14.3 Security Awareness Policy
14.4 Security Training Policy
15.1 Checklist of IT Documentation
15.2 Sample Description of the Security Committee
15.3 Security Policy Responsibility Chart
15.4 Termination/Separation Checklist
16.1 Security Policy Responsibility Chart
16.2 Distribution Register
16.3 Acknowledgement of Receipt
16.4 Security Plan Maintenance Form
17.1 Comparison of IDPS Technology Types
17.2 Glossary
17.3 Acronyms
17.4 Sample IDPS Requirements
17.5 Initial Research Questionnaire
17.6 Vendor Questionnaire
17.7 Cost Analysis Worksheet
18.1 Firewall Vulnerability Tests
20.1 Software Requirements Checklist
20.2 Software Design Checklist
20.3 Software Development Checklist
20.4 Software Architecture Checklist
20.5 Software Development Request Form
22.1 Acronyms
22.2 Cloud Computing Guidelines
22.3 Cloud Computing Risk Assessment Checklist
22.4 Cloud Computing Policy
23.2 Sample Outline of a Technology Plan
23.3 Technology Planning Survey
23.4 Common Wireless Frequencies and Applications
23.5 Acronyms and Abbreviations
23.6 Summary of Wireless Security Concerns
23.7 Wireless LAN Security Checklist
23.8 Bluetooth Security Checklist
23.9 Wireless Handheld Device Security Checklist
23.10 Wireless LAN Software Countermeasures
23.11 Wireless LAN Hardware Countermeasures
23.12 Wireless Security Audit Work Plan
23B.1 Sample SDLC Metrics
23B.2 Metrics Template and Instructions
23B.3 Metrics for Board of Directors/Trustees
23B.4 Metrics for Management
23B.5 Technical Metrics
23C.1 Terms and Definitions
23C.2 Mobile Device Risk Assessment Checklist
23C.3 Mobile Device Use Policy
24.2 Security Incident Reporting Form
25.1 Shutdown Procedures for Various Operating Systems
25.2 Vulnerability Repair Techniques
25.3 Instructions for Write-Protecting Media
25.4 IRT Standard Procedure Form
26.5 Off-Site Storage
26.6 Backup Routines
27.1 Risk Assessment Form
27.2 Business Impact Assessment Questionnaire
27.3 Comparison of Recovery Strategies
27.4 Alternate Facility Locations
27.5 Facility Specifications
27.6 Sample Business Continuity Plan Contents
27.7 Sample BCP Format
27.15 Sample Position Description for Business Continuity Planning Manager
27.16 Sample Position Description for Business Continuity Planning Staff Member
29.1 Information Systems Audit Manager Position Description
29.2 Information Systems Audit Staff Position Description
29.3 Criticality Ratings by System
29.4 Exposure Ratings by System
29.5 Overall Risk Rating
29.6 IT Audit Documentation
29.7 Information Systems Audit Schedule
29.8 IT Infrastructure Checklist
29.9 IT Audit Skills Assessment Form
29.10 Knowledge, Skills, and Abilities for IT Security Audit Areas by Audit Objective
29.11 Knowledge, Skills, and Abilities for Information Security Specialists
35.3 Content Management Systems – Features, Functions, and Capabilities
36.1 Application Controls
36.2 Backup Routines
36.3 Building Construction
36.4 Business Continuity Planning
36.5 Communication Controls
36.6 Computer Operations
36.7 Computer Room Security
36.8 Data Backup Procedures
36.9 E-Commerce Threats
36.10 Facility Security
36.11 Front Counter and Back Counter System Controls
36.12 General Computer Security and Controls
36.12 Insurance
36.13 Intrusion Detection Systems
36.14 Key and Lock Control
36.15 Main Computer Security
36.16 Network
36.17 Off-Site Storage
36.18 Personnel
36.19 Platform Virtualization
36.20 Remote Deposit System Controls
36.21 Positive Pay System Controls
36.22 Program Development
36.23 Vital Records
37.1 Risk Assessment Policy
37.2 Insurance Policy
37.3 Physical Security Policy
37.4 Information Assets Policy
37.5 Analog/ISDN Line Security Policy
37.6 Virtual Private Network (VPN) Policy
37.7 Password Policy
37.8 Database Password Policy
37.9 Encryption Policy
37.10 Anti-Virus Policy
37.11 Automatically Forwarded E-Mail Policy
37.12 Electronic Security and Monitoring Policy
37.13 Electronic Mail Policy
37.14 Technology Acceptable Use Policy
37.15 Security Awareness Policy
37.16 Security Training Policy
37.17 Acquisition Assessment Policy
37.18 Dial-In Access Policy
37.19 Extranet Policy
37.20 Information Sensitivity Policy
37.21 Privacy and Confidentiality
37.22 Server Security Policy
37.23 Software Copyrights – Licensing Policy
37.24 Wireless Communication Policy
37.25 Audit Policy
37.26 Security Administration Policy
37.27 Segregation of Duties Policy
37.28 Computer Center Operations Policy
37.29 Information Technology Steering Committee Policy
37.30 Program Change Control Policy
37.31 Third-Party IT Service Organization Policy
37.32 Cloud Computing Policy
37.33 Information Technology Planning Policy
37.34 Server Virtualization Policy
37.35 Incident Management Policy
37.36 Backup and Recovery Policy
37.37 Business Continuity Planning Policy
eBooks, CDs, downloadable content, and software purchases are non-cancellable, nonrefundable and nonreturnable. The eBook versions of this title may feature links to Lexis Advance® for further legal research options. A valid subscription to Lexis Advance® is required to access this content.
Table of Contents
Part I: Risk Assessment
Chapter 1 Computer Crime Techniques
Chapter 2 Risk Assessment Process
Chapter 3 Risk Transfer
Chapter 4 Computer Crime Legislation
Part II: Protective Controls
Chapter 5 Physical Security
Chapter 6 Authentication and Access Security
Chapter 7 Passwords
Chapter 8 Operating System Security
Chapter 9 Firewalls
Chapter 10 Encryption Techniques
Chapter 11 Malicious Software
Chapter 12 Application Security and Controls
Chapter 12A Computer Security Logs and Audit Trails
Chapter 13 Biometric Identification
Chapter 14 Security Awareness
Part III: Detective Controls
Chapter 15 Security Administration
Chapter 16 Security Policies
Chapter 17 Intrusion Detection Systems
Chapter 17A Forensic Techniques
Chapter 18 Vulnerability Assessment
Part IV: Technology Management
Chapter 19 Organizational Controls
Chapter 20 Systems Development and Maintenance Controls
Chapter 21 Systems Development Life Cycle
Chapter 22 Cloud Computing and IT Outsourcing
Chapter 23 Technology Planning
Chapter 23A Enterprise Information Technology Security Planning
Chapter 23B Information Security Metrics
Part V: Response Management
Chapter 24 Incident Response Team
Chapter 25 Incident Response Procedures
Chapter 26 Backup and Offsite Storage
Chapter 27 Business Continuity Planning
Part VI: Compliance Management
Chapter 28 External Audit
Chapter 29 Internal IT Audit
Chapter 30 Regulatory Agencies
Chapter 31 Computer-Assisted Audit Techniques
Chapter 32 Laws, Standards, and Guidelines
Chapter 33 Identity Theft Program
Chapter 34 Homeland Security
Chapter 35 Spam E-Mail
Risk Assessment Worksheets
Sample Policies
Glossary