We use cookies to enable digital experiences. Disable them/read more. Browse on or click to
Lexis Nexis Information Security for Financial Institutions: Operations, Technology, and Compliance
Regulatory scrutiny on data security is increasing as mobile and electronic banking adoption grows. Expert Geoffrey Wold helps you create and maintain an information security program, ensuring comfort and compliance with both the regulators and your customers.
Publisher: LexisNexis Sheshunoff
Select a format
International Order Inquiry
Product details
View a sample of this title using the ReadNow feature
Your customers count on you to protect their information -- and so do your regulators! Get the expert guidance you need to safeguard your customers' information with Information Security for Financial Institutions.
Protecting your customers' information has never been more critical to your business -- or more challenging. Advances in technology along with increased regulatory scrutiny, require your immediate and careful attention. Information Security for Financial Institutions helps you put together an information security program that will pass muster with both the regulators and your customers.
This manual takes you step-by-step through a security planning process that helps you assess business risks and related threats, deflect threats, build more secure systems, and continuously monitor and improve security.
• Expert, practical guidance helps you develop and implement an information security program -- or improve your existing program.
• Compliance is built in -- just follow our plan to stay in compliance with the regulatory guidelines.
• Forms, diagrams, charts, glossary, risk assessment worksheets, and other tools make your planning process easier, yet more comprehensive.
• Organized by the six phases of security planning: risk assessment, protective controls, detective controls, technology management, response management, and compliance management -- so you can find the information you need quickly.
• Use our sample policies and monitoring tools to set up your own compliance manual.
Subscribers will receive a downloadable file containing editable forms.
Editable Documents
The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:
• The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.
• Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully Formatted and will be updated to reflect changes made in corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, Checklists, sample policies, sample Procedures, sample audits, Questionnaires, and model Forms.
This publication includes editable Word files for the following documents:
No. Title
2.2 Computer Hardware Inventory
2.3 Computer Software Inventory
2.4 Data Communications Inventory
2.5 Risk Mitigation Worksheet
3.1 Insurance Analysis Worksheet – Real and Personal Property
3.2 Insurance Records Form
5.1 Facility Security Requirements
5.2 Visitor Sign-In Log
5.3 Records Retention Schedule
7.1 E-Mail Account/NT Domain Account Request Form
7.2 Password Receipt
7.3 Password Recommendations
8.1 Glossary of Server Security Terms
8.2 Server Security Acronyms and Abbreviations
8.3 POSIX System Security Checklist
8.4 OS/400 System Security Checklist
8.5 Server Security Policy
8.6 Server Virtualization Policy
9.2 Firewall Features, Functions, and Capabilities
11.1 Representative Commercial Software Products
12.1 Application Checklist
12.2 Glossary of Patch Management Terms
12.3 Patching Resources
12.4 Virus Software Download/Update/Security Centers
12.5 Vulnerability Advisory Resources
12.6 ICAT Metabase Information
12.7 Sample Patch Management and Control Policy
14.1 Acceptable Use Policy
14.2 Social Media Policy
14.3 Security Awareness Policy
14.4 Security Training Policy
15.1 Checklist of IT Documentation
15.2 Sample Description of the Security Committee
15.3 Security Policy Responsibility Chart
15.4 Termination/Separation Checklist
16.1 Security Policy Responsibility Chart
16.2 Distribution Register
16.3 Acknowledgement of Receipt
16.4 Security Plan Maintenance Form Policy Name:
17.1 Comparison of IDPS Technology Types
17.2 Glossary
17.3 Acronyms
17.4 Sample IDPS Requirements
17.5 Initial Research Questionnaire
17.6 Vendor Questionnaire
17.7 Cost Analysis Worksheet
18.1 Firewall Vulnerability Tests
20.1 Software Requirements Checklist
20.2 Software Design Checklist
20.3 Software Development Checklist
20.4 Software Architecture Checklist
20.5 Software Development Request Form
22.1 Acronyms
22.2 Cloud Computing Guidelines
22.3 Cloud Computing Risk Assessment Checklist
22.4 Cloud Computing Policy
23.2 Sample Outline of a Technology Plan
23.3 Technology Planning Survey
23.4 Common Wireless Frequencies and Applications
23.5 Acronyms and Abbreviations
23.6 Summary of Wireless Security Concerns
23.7 Wireless LAN Security Checklist
23.8 Bluetooth Security Checklist
23.9 Wireless Handheld Device Security Checklist
23.10 Wireless LAN Software Countermeasures
23.11 Wireless LAN Hardware Countermeasures
23.12 Wireless Security Audit Work Plan
23B.1 Sample SDLC Metrics
23B.2 Metrics Template and Instructions
23B.3 Metrics for Board of Directors/Trustees
23B.4 Metrics for Management
23B.5 Technical Metrics
23C.1 Terms and Definitions
23C.2 Mobile Device Risk Assessment Checklist
23C.3 Mobile Device Use Policy
24.2 Security Incident Reporting Form
25.1 Shutdown Procedures for Various Operating Systems
25.2 Vulnerability Repair Techniques
25.3 Instructions for Write-Protecting Media
25.4 IRT Standard Procedure Form
26.5 Off-Site Storage
26.6 Backup Routines
27.1 Risk Assessment Form
27.2 Business Impact Assessment Questionnaire
27.3 Comparison of Recovery Strategies
27.4 Alternate Facility Locations
27.5 Facility Specifications
27.6 Sample Business Continuity Plan Contents
27.7 Sample BCP Format
27.15 Sample Position Description for Business Continuity Planning Manager
27.16 Sample Position Description for Business Continuity Planning Staff Member
29.1 Information Systems Audit Manager Position Description
29.2 Information Systems Audit Staff Position Description
29.3 Criticality Ratings by System
29.4 Exposure Ratings by System
29.5 Overall Risk Rating
29.6 IT Audit Documentation
29.7 Information Systems Audit Schedule
29.8 IT Infrastructure Checklist
29.9 IT Audit Skills Assessment Form
29.10 Knowledge, Skills, and Abilities for IT Security Audit Areas by Audit Objective
29.11 Knowledge, Skills, and Abilities for Information Security Specialists
35.3 Content Management Systems–Features, Functions, and Capabilities
37.1 Risk Assessment Policy
37.2 Insurance Policy
37.3 Physical Security Policy
37.4 Information Assets Policy
37.5 Analog/ISDN Line Security Policy
37.6 Virtual Private Network (VPN) Policy
37.7 Password Policy
37.8 Database Password Policy
37.9 Encryption Policy
37.10 Anti-Virus Policy
37.11 Automatically Forwarded E-Mail Policy
37.12 Electronic Security and Monitoring Policy
37.13 Electronic Mail Policy
37.14 Technology Acceptable Use Policy
37.15 Security Awareness Policy
37.16 Security Training Policy
37.17 Acquisition Assessment Policy
37.18 Dial-In Access Policy
37.19 Extranet Policy
37.20 Information Sensitivity Policy
37.21 Privacy and Confidentiality
37.22 Server Security Policy
37.23 Software Copyrights – Licensing Policy
37.24 Wireless Communication Policy
37.25 Audit Policy
37.26 Security Administration Policy
37.27 Segregation of Duties Policy
37.28 Computer Center Operations Policy
37.29 Information Technology Steering Committee Policy
37.30 Program Change Control Policy
37.31 Third-Party IT Service Organization Policy
37.32 Cloud Computing Policy
37.33 Information Technology Planning Policy
37.34 Server Virtualization Policy
37.35 Incident Management Policy
37.36 Backup and Recovery Policy
37.37 Business Continuity Planning Policy
36.1 Application Controls
36.2 Backup Routines
36.3 Building Construction
36.4 Business Continuity Planning
36.5 Communication Controls
36.6 Computer Operations
36.7 Computer Room Security
36.8 Data Backup Procedures
36.9 E-Commerce Threats
36.10 Facility Security
36.11 Front Counter and Back Counter System Controls
36.12 General Computer Security and Controls
36.12 Insurance
36.13 Intrusion Detection Systems
36.14 Key and Lock Control
36.15 Main Computer Security
36.16 Network
36.17 Off-Site Storage
36.18 Personnel
36.19 Platform Virtualization
36.20 Remote Deposit System Controls
36.21 Positive Pay System Controls
36.22 Program Development
36.23 Vital Records
eBooks, CDs, downloadable content, and software purchases are non-cancellable, nonrefundable and nonreturnable. Click here for more information about LexisNexis eBooks. The eBook versions of this title may feature links to Lexis Advance® for further legal research options. A valid subscription to Lexis Advance® is required to access this content.
Authors / Contributors
Geoffrey H. Wold
Geoffrey H. Wold
The author, Geoffrey H. Wold, specializes in cybersecurity resilience and planning. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of organizations and industries. He is also the author of the LexisNexis Sheshunoff publications Information Security for Financial Institutions, IT Security Management Manual (for financial institutions), the State & Local Government Series: Business Continuity Preparedness, and Corporate Technology Planning and Management.
He holds a BA degree in mathematics and an MBA in accounting and information systems. He has received the following certifications:
• Certified Public Accountant from the American Institute of Certified Public Accountants
• Certified Information Technology Professional from the American Institute of Certified Public Accountants
• Certified Management Accountant from the National Association of Accountants
• Certified Information Systems Auditor from the Information Systems Audit and Control Association
• Certified in Risk and Information Systems Control from the Information Systems Audit and Control Association
• Certified in the Governance of Enterprise IT from the Information Systems Audit and Control Association
• Certified Management Consultant from the Institute of Management Consultants
• Certified Financial Services Auditor as awarded by the Institute of Internal Auditors.
Geoff performs and directs consulting projects for both the public and private sectors. He specializes in cybersecurity assessments and planning. His experience includes assessing cyber threats, vulnerabilities, and risks assessments; auditing cybersecurity and controls; planning cybersecurity protection and detection controls; and testing of cybersecurity and controls. His experience includes external and internal network vulnerability testing, physical security assessments, access security analyses, application security evaluations, and all aspects of general IT controls. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of industries.
Geoff has written and published several articles that address a wide range of planning, operational, and technology topics. He has also written eight books on business continuity planning, four books on IT security planning and management, four books on technology planning, and a book on computer crime prevention techniques. He has been a frequent speaker at industry seminars.
For more information on the consulting services available to your organization, contact Geoff Wold at (612) 805-9563. You can find Mr. Wold on LinkedIn.
Table of Contents
Table of Contents
Part I: Risk Assessment
Chapter 1 Computer Crime Techniques
Chapter 2 Risk Assessment Process
Chapter 3 Risk Transfer
Chapter 4 Computer Crime Legislation
Part II: Protective Controls
Chapter 5 Physical Security
Chapter 6 Authentication and Access Security
Chapter 7 Passwords
Chapter 8 Operating System Security
Chapter 9 Firewalls
Chapter 10 Encryption Techniques
Chapter 11 Malicious Software
Chapter 12 Application Security and Controls
Chapter 12A Computer Security Logs and Audit Trails
Chapter 13 Biometric Identification
Chapter 14 Security Awareness
Part III: Detective Controls
Chapter 15 Security Administration
Chapter 16 Security Policies
Chapter 17 Intrusion Detection Systems
Chapter 17A Forensic Techniques
Chapter 18 Vulnerability Assessment
Part IV: Technology Management
Chapter 19 Organizational Controls
Chapter 20 Systems Development and Maintenance Controls
Chapter 21 Systems Development Life Cycle
Chapter 22 Cloud Computing and IT Outsourcing
Chapter 23 Technology Planning
Chapter 23A Enterprise Information Technology Security Planning
Chapter 23B Information Security Metrics
Part V: Response Management
Chapter 24 Incident Response Team
Chapter 25 Incident Response Procedures
Chapter 26 Backup and Offsite Storage
Chapter 27 Business Continuity Planning
Part VI: Compliance Management
Chapter 28 External Audit
Chapter 29 Internal IT Audit
Chapter 30 Regulatory Agencies
Chapter 31 Computer-Assisted Audit Techniques
Chapter 32 Laws, Standards, and Guidelines
Chapter 33 Identity Theft Program
Chapter 34 Homeland Security
Chapter 35 Spam E-Mail
Risk Assessment Worksheets
Sample Policies
Glossary
