IT Security Management Manual

This comprehensive manual addresses IT security within a financial institution, including outsourced services. Expert Geoffrey Wold covers risk management, policies and procedures, internet risks and solutions, vendor over-reliance, staff training, customer information, business recovery, examination requirements and the documentation that regulators require.

Available formats

•  Print Book (includes downloadable content: exe), ISBN: 9780769878300

•  eBook: epub (includes downloadable content: exe), ISBN: 9780769879727

•  eBook: mobi (includes downloadable content: exe), ISBN: 9780769879727

•  Downloadable Content: exe (not sold separately), ISBN: 9780769878300

Product details


While the business of banking continues to change, so do the risk exposures that financial institutions face. In an environment of accelerating change, information technology has increasingly taken center stage as institutions continue to strive to offer new and more efficient means of delivering products and services to customers who rush to adopt them. The reality is that, as financial institutions increase their reliance on technology, they must also face and resolve an ever-changing host of new IT security risks.

The IT Security Management Manual has been in publication for almost a decade. It reflects the factors that have influenced technology security in financial institutions over those years, and the increased focus on risk management. Cloud computing, virtualization, consumerization, and mobile access are a few of the important areas covered in the manual.

Subscribers will receive a downloadable file containing editable forms.

eBooks, CDs, downloadable content, and software purchases are non-cancellable, non-refundable and non-returnable. The eBook versions of this title may feature links to Lexis Advance® for further legal research options. A valid subscription to Lexis Advance® is required to access this content.

Editable Documents

The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:

•  The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.

•  Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully formatted and will be updated to reflect changes made in the corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, checklists, sample policies, sample procedures, sample audits, questionnaires, and model forms.

This publication includes editable Word files for the following documents:

No.                        Title
I-2.1                       Information Security Risk Assessment Worksheet
I-2.2                       Information Technology Risk Assessment Worksheet
I-4.1                       Determining Cloud Services Minimum Security Requirements
I-6.1                       Privacy Rule Checklist
II.10.3                    POSIX System Security Checklist
II.10.4                    OS/400 System Security Checklist
II.10.5                    Server Security Policy
II.10.6                    Server Virtualization Policy
II-2.1                      Sample Technology Plan
II-2.2                      Network Audit Checklist
II-2.3                      Sample Privacy Policies
II-2.4                      Excerpts from Risk Management Section of ABC Finance Strategic Plan
II-2.5                      ABC Finance – Internal Audit Schedule
II-2.6                      Enrollment Form
II-2.7                      Privacy of Consumer Financial Information
II-4.1                      Facility Security Requirements
II-4.2                      Visitor Sign-In Log
II-4.3                      Records Retention Schedule
II-4.4                      Physical Security Policy
II-4.5                      Information Assets Policy
II-5.1                      Technology Planning Survey
II-5.2                      Wireless Security Audit Work Plan
II-5A.1                   Mobile Banking Risk Assessment Checklist
II-5A.2                   Remote Deposit Capture Risk Analysis Worksheet
II-5A.4                   Vendor Selection Checklist
II-5B.2                   Mobile Device Risk Assessment Checklist
II-5B.3                   Mobile Device Use Policy
II-6.1                      Customer Response Program Checklist
II-7.2                      Sample Commercial Client Remote Deposit Risk Assessment
II-7.4                      Remote Deposit Underwriting Checklist
II-9.2                      Cloud Computing Guidelines
II-9.3                      Cloud Computing Risk Assessment Checklist
II-9.4                      Cloud Computing Policy
III-11.1                   Sample Customer Identification Program
III-11.2                   Sample Bank Secrecy Act Policy
III-11.3                   Risk-Based Analysis for CIP Programs
III-11.4                   CIP Sample Audit Worksheet
III-12.4                   Sample IDPS Requirements
III-12.5                   Initial Research Questionnaire
III-12.6                   Vendor Questionnaire
III-12.7                   Cost Analysis Worksheet
III-13.1c                   Checklist of IT Documentation
III-13.2                   Sample Description of the Security Committee
III-13.3                   Security Policy Responsibility Chart
III-13.4                   Termination/Separation Checklist
III-13.5                   General Computer Security and Controls Risk Assessment Worksheet
III-1.1                     Sample SDLC Metrics
III-1.2                     Metrics Template and Instructions
III-1.3                     Metrics for Board of Directors/Trustees
III-1.4                     Metrics for Management
III-1.5                     Technical Metrics
III-3.1                     Insurance Analysis Worksheet
III-5.5                     Off-Site Storage Risk Assessment Worksheet
III-5.6                     Backup Routines
III-6.1                     Risk Assessment Form
III-6.2                     Business Impact Assessment Questionnaire
III-6.3                     Comparison of Recovery Strategies
III-6.4                     Alternate Facility Locations
III-6.5                     Facility Specifications
III-6.6                     Sample Business Continuity Plan Contents
III-6.7                     Standard BCP Format
III-6.8                     BCP Test Schedule
III-6.9                     Test Preparation Worksheet
III-6.10                   Test Problem Form
III-6.11                   Test Problem Log
III-6.12                   Acknowledgement of Receipt
III-6.13                   Plan Maintenance Request Form
III-6.14                   Plan Maintenance Log
III-6.15                   Sample Position Description for Business Continuity Planning Manager
III-6.16                   Sample Position Description for Business Continuity Planning Staff Member
III-6.17                   Distribution Register
III-6.19                   Sample Business Continuity Planning Policy
III-9.1                     Intranet/Internet Acceptable Use Sample Policy
III-9.2                     Sample Personal Computer/Network Systems Policy
III-9.3                     Sample Information Systems Security Policy
III-9.4                     Sample Internet Banking Policy
AppIII-9.1              ABC Finance Business Internet Banking Application
AppIII-9.2              ABC Finance ACH Agreement
AppIII-9.3              ACH Agreement
AppIII-9.4              ACH Agreement Operational/Security Procedures
AppIII-9.5              Resolution Authorizing ACH Agreement
AppIII-9.6              Cash Management Services Agreement
III-9.5                     Sample Information Security, PC/Network, and Intranet/Internet/Extranet Policies
III-9.6                     Emergency and Disaster Recovery Policy
III-9.7                     Change Management and Control Policy
AppIII-9.8              Change Authorization Form

Authors / Contributors

Table of Contents

Chapter I-1 Assessing IT Security Risks: A Regulatory Perspective

Chapter I-2 Conducting an IT Security Risk Assessment

Chapter I-3 Internet Banking Risk Assessment

Chapter I-4 Assessing Cloud Security

Chapter I-5 Snapshot Assessment

Chapter I-6 Assessing Privacy Policies

Chapter II-1 Technology Risk Management in Financial Institutions: Getting Started

Chapter II-2 Internet Banking Risk Management

Chapter II-3 Desktop, Server, and Network Security

Chapter II-4 Physical Security Risk

Chapter II-5 Securing Mobile and Wireless Systems

Chapter II-5A Mobile Banking Risks and Security Controls

Chapter II-5B Mobile Device Management and Security

Chapter II-6 Security of Customer Information

Chapter II-7 Securing Remote Deposit Capture

Chapter II-8 Public Website Security

Chapter II-9 Cloud Computing and Third-Party Services

Chapter II-10 Operating System Security

Chapter III-1 Information Security Metrics

Chapter III-2 IT Security Awareness Program

Chapter III-3 Mitigating Information Security Risk Through Insurance

Chapter III-4 Computer Security Logs and Audit Trails

Chapter III-5 Backup and Recovery Planning

Chapter III-6 Creating a Business Continuity Plan

Chapter III-7 Continuity Planning and the Systems Development Life Cycle

Chapter III-8 Monitoring IT Security

Chapter III-9 Security Policies

Chapter III-10 Required Disclosures

Chapter III-11 Complying with Customer Identification Requirements