IT Security Management Manual

Frequency: (1 issues)

Available formats:

•  Book + Folio exe file: ISBN 9780769878300, $812.00

•  eBook (epub): ISBN 9780769879727, $758.00

•  eBook (mobi): ISBN 9780769879727, $758.00

•  Downloadable Content (exe), not sold separately: ISBN 9780769878300, $812.00

Product details

While the business of banking continues to change, so do the risk exposures that financial institutions face. In an environment of accelerating change, information technology has increasingly taken center stage as institutions continue to strive to offer new and more efficient means of delivering products and services to customers who rush to adopt them. The reality is that, as financial institutions increase their reliance on technology, they must also face and resolve an ever-changing host of new IT security risks.

The IT Security Management Manual has been in publication for almost a decade. It reflects the factors influencing technology security in financial institutions within those years, and the increased focus on risk management. Cloud computing, virtualization, consumerization, and mobile access are a few of the important areas covered in the manual.

Subscribers will receive a downloadable file containing editable forms.

The eBook versions of this title feature links to Lexis Advance for further legal research options.

Editable Documents

The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:

•  The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.

•  Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully formatted and will be updated to reflect changes made in corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, checklists, sample policies, sample procedures, sample audits, questionnaires, and model forms.

This publication includes editable Word files for the following documents:

No.                        Title
I-2.1                       Information Security Risk Assessment Worksheet
I-2.2                       Information Technology Risk Assessment Worksheet
I-4.1                       Determining Cloud Services Minimum Security Requirements
I-6.1                       Privacy Rule Checklist
II.10.3                    POSIX System Security Checklist
II.10.4                    OS/400 System Security Checklist
II.10.5                    Server Security Policy
II.10.6                    Server Virtualization Policy
II-2.1                      Sample Technology Plan
II-2.2                      Network Audit Checklist
II-2.3                      Sample Privacy Policies
II-2.4                      Excerpts from Risk Management Section of ABC Finance Strategic Plan
II-2.5                      ABC Finance – Internal Audit Schedule
II-2.6                      Enrollment Form
II-2.7                      Privacy of Consumer Financial Information
II-4.1                      Facility Security Requirements
II-4.2                      Visitor Sign-In Log
II-4.3                      Records Retention Schedule
II-4.4                      Physical Security Policy
II-4.5                      Information Assets Policy
II-5.1                      Technology Planning Survey
II-5.2                      Wireless Security Audit Work Plan
II-5A.1                   Mobile Banking Risk Assessment Checklist
II-5A.2                   Remote Deposit Capture Risk Analysis Worksheet
II-5A.4                   Vendor Selection Checklist
II-5B.2                   Mobile Device Risk Assessment Checklist
II-5B.3                   Mobile Device Use Policy
II-6.1                      Customer Response Program Checklist
II-7.2                      Sample Commercial Client Remote Deposit Risk Assessment
II-7.4                      Remote Deposit Underwriting Checklist
II-9.2                      Cloud Computing Guidelines
II-9.3                      Cloud Computing Risk Assessment Checklist
II-9.4                      Cloud Computing Policy
III-11.1                   Sample Customer Identification Program
III-11.2                   Sample Bank Secrecy Act Policy
III-11.3                   Risk-Based Analysis for CIP Programs
III-11.4                   CIP Sample Audit Worksheet
III-12.4                   Sample IDPS Requirements
III-12.5                   Initial Research Questionnaire
III-12.6                   Vendor Questionnaire
III-12.7                   Cost Analysis Worksheet
III-13.1c                   Checklist of IT Documentation
III-13.2                   Sample Description of the Security Committee
III-13.3                   Security Policy Responsibility Chart
III-13.4                   Termination/Separation Checklist
III-13.5                   General Computer Security and Controls Risk Assessment Worksheet
III-1.1                     Sample SDLC Metrics
III-1.2                     Metrics Template and Instructions
III-1.3                     Metrics for Board of Directors/Trustees
III-1.4                     Metrics for Management
III-1.5                     Technical Metrics
III-3.1                     Insurance Analysis Worksheet
III-5.5                     Off-Site Storage Risk Assessment Worksheet
III-5.6                     Backup Routines
III-6.1                     Risk Assessment Form
III-6.2                     Business Impact Assessment Questionnaire
III-6.3                     Comparison of Recovery Strategies
III-6.4                     Alternate Facility Locations
III-6.5                     Facility Specifications
III-6.6                     Sample Business Continuity Plan Contents
III-6.7                     Standard BCP Format
III-6.8                     BCP Test Schedule
III-6.9                     Test Preparation Worksheet
III-6.10                   Test Problem Form
III-6.11                   Test Problem Log
III-6.12                   Acknowledgement of Receipt
III-6.13                   Plan Maintenance Request Form
III-6.14                   Plan Maintenance Log
III-6.15                   Sample Position Description for Business Continuity Planning Manager
III-6.16                   Sample Position Description for Business Continuity Planning Staff Member
III-6.17                   Distribution Register
III-6.19                   Sample Business Continuity Planning Policy
III-9.1                     Intranet/Internet Acceptable Use Sample Policy
III-9.2                     Sample Personal Computer/Network Systems Policy
III-9.3                     Sample Information Systems Security Policy
III-9.4                     Sample Internet Banking Policy
AppIII-9.1              ABC Finance Business Internet Banking Application
AppIII-9.2              ABC Finance ACH Agreement
AppIII-9.3              ACH Agreement
AppIII-9.4              ACH Agreement Operational/Security Procedures
AppIII-9.5              Resolution Authorizing ACH Agreement
AppIII-9.6              Cash Management Services Agreement
III-9.5                     Sample Information Security, PC/Network, and Intranet/Internet/Extranet Policies
III-9.6                     Emergency and Disaster Recovery Policy
III-9.7                     Change Management and Control Policy
AppIII-9.8              Change Authorization Form

Table of Contents

PART I ASSESSING IT SECURITY RISKS


Chapter I 1 Assessing IT Security Risks: A Regulatory Perspective


Chapter I 2 Conducting an IT Security Risk Assessment


Chapter I 3 Internet Banking Risk Assessment


Chapter I 4 Assessing Cloud Security


Chapter I 5 Snapshot Assessment


Chapter I 6 Assessing Privacy Policies



PART II IMPLEMENTING IT SECURITY RISK SOLUTIONS


Chapter II 1 Technology Risk Management in Financial Institutions: Getting Started


Chapter II 2 Internet Banking Risk Management


Chapter II 3 Desktop, Server, and Network Security


Chapter II 4 Physical Security Risk


Chapter II 5 Securing Mobile and Wireless Systems


Chapter II 5A Mobile Banking Risks and Security Controls


Chapter II 5B Mobile Device Management and Security


Chapter II 6 Security of Customer Information


Chapter II 7 Securing Remote Deposit Capture


Chapter II 8 Public Website Security


Chapter II 9 Cloud Computing and Third-Party Services


Chapter II 10 Operating System Security



PART III MANAGING AND MONITORING IT SECURITY RISKS


Chapter III 1 Information Security Metrics


Chapter III 2 IT Security Awareness Program


Chapter III 3 Mitigating Information Security Risk Through Insurance


Chapter III 4 Computer Security Logs and Audit Trails


Chapter III 5 Backup and Recovery Planning


Chapter III 6 Creating a Business Continuity Plan


Chapter III 7 Continuity Planning and the Systems Development Life Cycle


Chapter III 8 Monitoring IT Security


Chapter III 9 Security Policies


Chapter III 10 Required Disclosures


Chapter III 11 Complying with Customer Identification Requirements