IT Security Management Manual

by (Author)
Publisher: LexisNexis Sheshunoff
Frequency: (1 issues)

Select a format

Book :+ Folio exe file
ISBN: 9780769878300
In Stock
Price
$812.00
QTY
Details
eBook :epub
ISBN: 9780769879727
In Stock
Price
$758.00
Best value
QTY
Details
eBook :mobi
ISBN: 9780769879727
In Stock
Price
$758.00
Best value
QTY
Details
Downloadable Content :exe
Not sold separately
ISBN: 9780769878300
In Stock
Price
$812.00
Details
International Order Inquiry

Product details

View a sample of this title using the ReadNow feature

While the business of banking continues to change, so do the risk exposures that financial institutions face. In an environment of accelerating change, information technology has increasingly taken center stage as institutions continue to strive to offer new and more efficient means of delivering products and services to customers who rush to adopt them. The reality is that, as financial institutions increase their reliance on technology, they must also face and resolve an ever-changing host of new IT security risks.

The IT Security Management Manual has been in publication for almost a decade. It reflects the factors influencing technology security in financial institutions within those years, and the increased focus on risk management. Cloud computing, virtualization, consumerization, and mobile access are a few of the important areas covered in the manual.

Subscribers will receive a downloadable file containing editable forms

The eBook versions of this title feature links to Lexis Advance for further legal research options.

Editable Documents

The publication subscription includes downloadable files delivered through the LexisNexis® Store download center. The downloadable files include the following features:

•  The entire publication is provided in a Folio infobase, offering a robust search engine and the ability to jump from one search match to the next through the entire publication. The Table of Contents for the entire publication can be viewed side-by-side with the text.

•  Editable Microsoft® Word files are included in the Folio infobase and can be downloaded and customized. The Word files are fully Formatted and will be updated to reflect changes made in corresponding text sections of the publication. Word files are provided for a variety of documents, including exhibits, Checklists, sample policies, sample Procedures, sample audits, Questionnaires, and model Forms.

This publication includes editable Word files for the following documents:

No.                        Title
I-2.1                       Information Security Risk Assessment Worksheet
I-2.2                       Information Technology Risk Assessment Worksheet
I-4.1                       Determining Cloud Services Minimum Security Requirements
I-6.1                       Privacy Rule Checklist
II.10.3                    POSIX System Security Checklist
II.10.4                    OS/400 System Security Checklist
II.10.5                    Server Security Policy
II.10.6                    Server Virtualization Policy
II-2.1                      Sample Technology Plan
II-2.2                      Network Audit Checklist
II-2.3                      Sample Privacy Policies
II-2.4                      Excerpts from Risk Management Section of ABC Finance Strategic Plan
II-2.5                      ABC Finance – Internal Audit Schedule
II-2.6                      Enrollment Form
II-2.7                      Privacy of Consumer Financial Information
II-4.1                      Facility Security Requirements
II-4.2                      Visitor Sign-In Log
II-4.3                      Records Retention Schedule
II-4.4                      Physical Security Policy
II-4.5                      Information Assets Policy
II-5.1                      Technology Planning Survey
II-5.2                      Wireless Security Audit Work Plan
II-5A.1                   Mobile Banking Risk Assessment Checklist
II-5A.2                   Remote Deposit Capture Risk Analysis Worksheet
II-5A.4                   Vendor Selection Checklist
II-5B.2                   Mobile Device Risk Assessment Checklist
II-5B.3                   Mobile Device Use Policy
II-6.1                      Customer Response Program Checklist
II-7.2                      Sample Commercial Client Remote Deposit Risk Assessment
II-7.4                      Remote Deposit Underwriting Checklist
II-9.2                      Cloud Computing Guidelines
II-9.3                      Cloud Computing Risk Assessment Checklist
II-9.4                      Cloud Computing Policy
III-11.1                   Sample Customer Identification Program
III-11.2                   Sample Bank Secrecy Act Policy
III-11.3                   Risk-Based Analysis for CIP Programs
III-11.4                   CIP Sample Audit Worksheet
III-12.4                   Sample IDPS Requirements
III-12.5                   Initial Research Questionnaire
III-12.6                   Vendor Questionnaire
III-12.7                   Cost Analysis Worksheet
III-13.1c                   Checklist of IT Documentation
III-13.2                   Sample Description of the Security Committee
III-13.3                   Security Policy Responsibility Chart
III-13.4                   Termination/Separation Checklist
III-13.5                   General Computer Security and Controls Risk Assessment Worksheet
III-1.1                     Sample SDLC Metrics
III-1.2                     Metrics Template and Instructions
III-1.3                     Metrics for Board of Directors/Trustees
III-1.4                     Metrics for Management
III-1.5                     Technical Metrics
III-3.1                     Insurance Analysis Worksheet
III-5.5                     Off-Site Storage Risk Assessment Worksheet
III-5.6                     Backup Routines
III-6.1                     Risk Assessment Form
III-6.2                     Business Impact Assessment Questionnaire
III-6.3                     Comparison of Recovery Strategies
III-6.4                     Alternate Facility Locations
III-6.5                     Facility Specifications
III-6.6                     Sample Business Continuity Plan Contents
III-6.7                     Standard BCP Format
III-6.8                     BCP Test Schedule
III-6.9                     Test Preparation Worksheet
III-6.10                   Test Problem Form
III-6.11                   Test Problem Log
III-6.12                   Acknowledgement of Receipt
III-6.13                   Plan Maintenance Request Form
III-6.14                   Plan Maintenance Log
III-6.15                   Sample Position Description for Business Continuity Planning Manager
III-6.16                   Sample Position Description for Business Continuity Planning Staff Member
III-6.17                   Distribution Register
III-6.19                   Sample Business Continuity Planning Policy
III-9.1                     Intranet/Internet Acceptable Use Sample Policy
III-9.2                     Sample Personal Computer/Network Systems Policy
III-9.3                     Sample Information Systems Security Policy
III-9.4                     Sample Internet Banking Policy
AppIII-9.1              ABC Finance Business Internet Banking Application
AppIII-9.2              ABC Finance ACH Agreement
AppIII-9.3              ACH Agreement
AppIII-9.4              ACH Agreement Operational/Security Procedures
AppIII-9.5              Resolution Authorizing ACH Agreement
AppIII-9.6              Cash Management Services Agreement
III-9.5                     Sample Information Security, PC/Network, and Intranet/Internet/Extranet Policies
III-9.6                     Emergency and Disaster Recovery Policy
III-9.7                     Change Management and Control Policy
AppIII-9.8              Change Authorization Form
I-2.1                        Information Security Risk Assessment Worksheet
I-2.2                        Information Technology Risk Assessment Worksheet
I-4.1                        Determining Cloud Services Minimum Security Requirements
I-6.1                        Privacy Rule Checklist
II.10.3                     POSIX System Security Checklist
II.10.4                     OS/400 System Security Checklist
II.10.5                     Server Security Policy
II.10.6                     Server Virtualization Policy
II-2.1                       Sample Technology Plan
II-2.2                       Network Audit Checklist
II-2.3                       Sample Privacy Policies
II-2.4                       Excerpts from Risk Management Section of ABC Finance's Strategic Plan
II-2.5                       ABC Finance – Internal Audit Schedule
II-2.6                       Enrollment Form
II-2.7                       Privacy of Consumer Financial Information
II-4.1                       Facility Security Requirements
II-4.2                       Visitor Sign-In Log
II-4.3                       Records Retention Schedule
II-4.4                       Physical Security Policy
II-4.5                       Information Assets Policy
II-5.1                       Technology Planning Survey
II-5.2                       Wireless Security Audit Work Plan
II-5A.1                     Mobile Banking Risk Assessment Checklist
II-5A.2                     Remote Deposit Capture Risk Analysis Worksheet
II-5A.4                     Vendor Selection Checklist
II-5B.2                     Mobile Device Risk Assessment Checklist

Authors / Contributors

Geoffrey H. Wold

Geoffrey H. Wold

The author, Geoffrey H. Wold, specializes in cybersecurity resilience and planning. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of organizations and industries. He is also the author of the LexisNexis Sheshunoff publications Information Security for Financial Institutions, IT Security Management Manual (for financial institutions), the State & Local Government Series: Business Continuity Preparedness, and Corporate Technology Planning and Management.

He holds a BA degree in mathematics and an MBA in accounting and information systems. He has received the following certifications:

•  Certified Public Accountant from the American Institute of Certified Public Accountants
•  Certified Information Technology Professional from the American Institute of Certified Public Accountants
•  Certified Management Accountant from the National Association of Accountants
•  Certified Information Systems Auditor from the Information Systems Audit and Control Association
•  Certified in Risk and Information Systems Control from the Information Systems Audit and Control Association
•  Certified in the Governance of Enterprise IT from the Information Systems Audit and Control Association
•  Certified Management Consultant from the Institute of Management Consultants
•  Certified Financial Services Auditor as awarded by the Institute of Internal Auditors.

Geoff performs and directs consulting projects for both the public and private sectors. He specializes in cybersecurity assessments and planning. His experience includes assessing cyber threats, vulnerabilities, and risks assessments; auditing cybersecurity and controls; planning cybersecurity protection and detection controls; and testing of cybersecurity and controls. His experience includes external and internal network vulnerability testing, physical security assessments, access security analyses, application security evaluations, and all aspects of general IT controls. He has performed cybersecurity assessments and developed cybersecurity plans for all sizes and types of industries.

Geoff has written and published several articles that address a wide range of planning, operational, and technology topics. He has also written eight books on business continuity planning, four books on IT security planning and management, four books on technology planning, and a book on computer crime prevention techniques. He has been a frequent speaker at industry seminars.

For more information on the consulting services available to your organization, contact Geoff Wold at (612) 805-9563.

View all products by Geoffrey H. Wold (9)

Table of Contents

PART I ASSESSING IT SECURITY RISKS


 Chapter I 1 Assessing IT Security Risks A Regulatory Perspective


 Chapter I 2 Conducting an IT Security Risk Assessment


 Chapter I 3 Internet Banking Risk Assessment


 Chapter I 4 Assessing Cloud Security


 Chapter I 5 Snapshot Assessment


 Chapter I 6 Assessing Privacy Policies


 
 PART II IMPLEMENTING IT SECURITY RISK SOLUTIONS


 Chapter II 1 Technology Risk Management in Financial Institutions: Getting Started


 Chapter II 2 Internet Banking Risk Management


 Chapter II 3 Desktop, Server, and Network Security


 Chapter II 4 Physical Security Risk


 Chapter II 5 Securing Mobile and Wireless Systems


 Chapter II 5A Mobile Banking Risks and Security Controls


 Chapter II 5B Mobile Device Management and Security


 Chapter II 6 Security of Customer Information


 Chapter II 7 Securing Remote Deposit Capture


 Chapter II 8 Public Website Security


 Chapter II 9 Cloud Computing and ThirdParty Services


 Chapter II 10 Operating System Security


 
 PART III MANAGING AND MONITORING IT SECURITY RISKS


 Chapter III 1 Information Security Metrics


 Chapter III 2 IT Security Awareness Program


 Chapter III 3 Mitigating Information Security Risk Through Insurance


 Chapter III 4 Computer Security Logs and Audit Trails


 Chapter III 5 Backup and Recovery Planning


 Chapter III 6 Creating a Business Continuity Plan


 Chapter III 7 Continuity Planning and the Systems Development Life Cycle


 Chapter III 8 Monitoring IT Security


 Chapter III 9 Security Policies


 Chapter III 10 Required Disclosures


 Chapter III 11 Complying with Customer Identification Requirements

Related Products

Corporate Information Security: Operations and Technology Management cover
Corporate Information Security: Operations and Technology Management
Starting from $301.00
Information Security, State and Local Government Series cover
Information Security, State and Local Government Series
Starting from $321.00
Corporate Technology Planning and Management cover
Corporate Technology Planning and Management
Starting from $277.00