We use cookies to enable digital experiences. Disable them/read more. Browse on or click to
Lexis Nexis IT Security Management Manual
This comprehensive manual addresses IT security within a financial institution, including outsourced services. Expert Geoffrey Wold covers risk management, policies and procedures, internet risks and solutions, vendor over-reliance, staff training, customer information, business recovery, examination requirements and necessary documentation that the regulators require.
Publisher: LexisNexis Sheshunoff
Select a format
International Order Inquiry
Product details
View a sample of this title using the ReadNow feature
While the business of banking continues to change, so do the risk exposures that financial institutions face. In an environment of accelerating change, information technology has increasingly taken center stage as institutions continue to strive to offer new and more efficient means of delivering products and services to customers who rush to adopt them. The reality is that, as financial institutions increase their reliance on technology, they must also face and resolve an ever-changing host of new IT security risks.
The IT Security Management Manual has been in publication for almost a decade. It reflects the factors influencing technology security in financial institutions within those years, and the increased focus on risk management. Cloud computing, virtualization, consumerization, and mobile access are a few of the important areas covered in the manual.
Subscribers will receive a downloadable file containing editable forms
The eBook versions of this title feature links to Lexis Advance for further legal research options.
Editable Documents
The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:
• The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.
• Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully Formatted and will be updated to reflect changes made in corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, Checklists, sample policies, sample Procedures, sample audits, Questionnaires, and model Forms.
This publication includes editable Word files for the following documents:
No. Title
I-2.1 Information Security Risk Assessment Worksheet
I-2.2 Information Technology Risk Assessment Worksheet
I-4.1 Determining Cloud Services Minimum Security Requirements
I-6.1 Privacy Rule Checklist
II.10.3 POSIX System Security Checklist
II.10.4 OS/400 System Security Checklist
II.10.5 Server Security Policy
II.10.6 Server Virtualization Policy
II-2.1 Sample Technology Plan
II-2.2 Network Audit Checklist
II-2.3 Sample Privacy Policies
II-2.4 Excerpts from Risk Management Section of ABC Finance Strategic Plan
II-2.5 ABC Finance – Internal Audit Schedule
II-2.6 Enrollment Form
II-2.7 Privacy of Consumer Financial Information
II-4.1 Facility Security Requirements
II-4.2 Visitor Sign-In Log
II-4.3 Records Retention Schedule
II-4.4 Physical Security Policy
II-4.5 Information Assets Policy
II-5.1 Technology Planning Survey
II-5.2 Wireless Security Audit Work Plan
II-5A.1 Mobile Banking Risk Assessment Checklist
II-5A.2 Remote Deposit Capture Risk Analysis Worksheet
II-5A.4 Vendor Selection Checklist
II-5B.2 Mobile Device Risk Assessment Checklist
II-5B.3 Mobile Device Use Policy
II-6.1 Customer Response Program Checklist
II-7.2 Sample Commercial Client Remote Deposit Risk Assessment
II-7.4 Remote Deposit Underwriting Checklist
II-9.2 Cloud Computing Guidelines
II-9.3 Cloud Computing Risk Assessment Checklist
II-9.4 Cloud Computing Policy
III-11.1 Sample Customer Identification Program
III-11.2 Sample Bank Secrecy Act Policy
III-11.3 Risk-Based Analysis for CIP Programs
III-11.4 CIP Sample Audit Worksheet
III-12.4 Sample IDPS Requirements
III-12.5 Initial Research Questionnaire
III-12.6 Vendor Questionnaire
III-12.7 Cost Analysis Worksheet
III-13.1c Checklist of IT Documentation
III-13.2 Sample Description of the Security Committee
III-13.3 Security Policy Responsibility Chart
III-13.4 Termination/Separation Checklist
III-13.5 General Computer Security and Controls Risk Assessment Worksheet
III-1.1 Sample SDLC Metrics
III-1.2 Metrics Template and Instructions
III-1.3 Metrics for Board of Directors/Trustees
III-1.4 Metrics for Management
III-1.5 Technical Metrics
III-3.1 Insurance Analysis Worksheet
III-5.5 Off-Site Storage Risk Assessment Worksheet
III-5.6 Backup Routines
III-6.1 Risk Assessment Form
III-6.2 Business Impact Assessment Questionnaire
III-6.3 Comparison of Recovery Strategies
III-6.4 Alternate Facility Locations
III-6.5 Facility Specifications
III-6.6 Sample Business Continuity Plan Contents
III-6.7 Standard BCP Format
III-6.8 BCP Test Schedule
III-6.9 Test Preparation Worksheet
III-6.10 Test Problem Form
III-6.11 Test Problem Log
III-6.12 Acknowledgement of Receipt
III-6.13 Plan Maintenance Request Form
III-6.14 Plan Maintenance Log
III-6.15 Sample Position Description for Business Continuity Planning Manager
III-6.16 Sample Position Description for Business Continuity Planning Staff Member
III-6.17 Distribution Register
III-6.19 Sample Business Continuity Planning Policy
III-9.1 Intranet/Internet Acceptable Use Sample Policy
III-9.2 Sample Personal Computer/Network Systems Policy
III-9.3 Sample Information Systems Security Policy
III-9.4 Sample Internet Banking Policy
AppIII-9.1 ABC Finance Business Internet Banking Application
AppIII-9.2 ABC Finance ACH Agreement
AppIII-9.3 ACH Agreement
AppIII-9.4 ACH Agreement Operational/Security Procedures
AppIII-9.5 Resolution Authorizing ACH Agreement
AppIII-9.6 Cash Management Services Agreement
III-9.5 Sample Information Security, PC/Network, and Intranet/Internet/Extranet Policies
III-9.6 Emergency and Disaster Recovery Policy
III-9.7 Change Management and Control Policy
AppIII-9.8 Change Authorization Form
I-2.1 Information Security Risk Assessment Worksheet
I-2.2 Information Technology Risk Assessment Worksheet
I-4.1 Determining Cloud Services Minimum Security Requirements
I-6.1 Privacy Rule Checklist
II.10.3 POSIX System Security Checklist
II.10.4 OS/400 System Security Checklist
II.10.5 Server Security Policy
II.10.6 Server Virtualization Policy
II-2.1 Sample Technology Plan
II-2.2 Network Audit Checklist
II-2.3 Sample Privacy Policies
II-2.4 Excerpts from Risk Management Section of ABC Finance's Strategic Plan
II-2.5 ABC Finance – Internal Audit Schedule
II-2.6 Enrollment Form
II-2.7 Privacy of Consumer Financial Information
II-4.1 Facility Security Requirements
II-4.2 Visitor Sign-In Log
II-4.3 Records Retention Schedule
II-4.4 Physical Security Policy
II-4.5 Information Assets Policy
II-5.1 Technology Planning Survey
II-5.2 Wireless Security Audit Work Plan
II-5A.1 Mobile Banking Risk Assessment Checklist
II-5A.2 Remote Deposit Capture Risk Analysis Worksheet
II-5A.4 Vendor Selection Checklist
II-5B.2 Mobile Device Risk Assessment Checklist
Authors / Contributors
Geoffrey H. Wold
Geoffrey H. Wold
The author, Geoffrey H. Wold, specializes in cybersecurity resilience and planning. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of organizations and industries. He is also the author of the LexisNexis Sheshunoff publications Information Security for Financial Institutions, IT Security Management Manual (for financial institutions), the State & Local Government Series: Business Continuity Preparedness, and Corporate Technology Planning and Management.
He holds a BA degree in mathematics and an MBA in accounting and information systems. He has received the following certifications:
• Certified Public Accountant from the American Institute of Certified Public Accountants
• Certified Information Technology Professional from the American Institute of Certified Public Accountants
• Certified Management Accountant from the National Association of Accountants
• Certified Information Systems Auditor from the Information Systems Audit and Control Association
• Certified in Risk and Information Systems Control from the Information Systems Audit and Control Association
• Certified in the Governance of Enterprise IT from the Information Systems Audit and Control Association
• Certified Management Consultant from the Institute of Management Consultants
• Certified Financial Services Auditor as awarded by the Institute of Internal Auditors.
Geoff performs and directs consulting projects for both the public and private sectors. He specializes in cybersecurity assessments and planning. His experience includes assessing cyber threats, vulnerabilities, and risks assessments; auditing cybersecurity and controls; planning cybersecurity protection and detection controls; and testing of cybersecurity and controls. His experience includes external and internal network vulnerability testing, physical security assessments, access security analyses, application security evaluations, and all aspects of general IT controls. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of industries.
Geoff has written and published several articles that address a wide range of planning, operational, and technology topics. He has also written eight books on business continuity planning, four books on IT security planning and management, four books on technology planning, and a book on computer crime prevention techniques. He has been a frequent speaker at industry seminars.
For more information on the consulting services available to your organization, contact Geoff Wold at (612) 805-9563. You can find Mr. Wold on LinkedIn.
Table of Contents
PART I ASSESSING IT SECURITY RISKS
Chapter I 1 Assessing IT Security Risks A Regulatory Perspective
Chapter I 2 Conducting an IT Security Risk Assessment
Chapter I 3 Internet Banking Risk Assessment
Chapter I 4 Assessing Cloud Security
Chapter I 5 Snapshot Assessment
Chapter I 6 Assessing Privacy Policies
PART II IMPLEMENTING IT SECURITY RISK SOLUTIONS
Chapter II 1 Technology Risk Management in Financial Institutions: Getting Started
Chapter II 2 Internet Banking Risk Management
Chapter II 3 Desktop, Server, and Network Security
Chapter II 4 Physical Security Risk
Chapter II 5 Securing Mobile and Wireless Systems
Chapter II 5A Mobile Banking Risks and Security Controls
Chapter II 5B Mobile Device Management and Security
Chapter II 6 Security of Customer Information
Chapter II 7 Securing Remote Deposit Capture
Chapter II 8 Public Website Security
Chapter II 9 Cloud Computing and ThirdParty Services
Chapter II 10 Operating System Security
PART III MANAGING AND MONITORING IT SECURITY RISKS
Chapter III 1 Information Security Metrics
Chapter III 2 IT Security Awareness Program
Chapter III 3 Mitigating Information Security Risk Through Insurance
Chapter III 4 Computer Security Logs and Audit Trails
Chapter III 5 Backup and Recovery Planning
Chapter III 6 Creating a Business Continuity Plan
Chapter III 7 Continuity Planning and the Systems Development Life Cycle
Chapter III 8 Monitoring IT Security
Chapter III 9 Security Policies
Chapter III 10 Required Disclosures
Chapter III 11 Complying with Customer Identification Requirements
