
For effective protection of electronic information, all businesses and organizations should have thorough network security policies. In some industries, however, network security is not optional: standards for guarding information and assessing systems are spelled out, and businesses that do not follow these network security standards are not industry compliant. Finance and healthcare are two industries with detailed network security guidelines, and businesses and organizations in the former follow FFIEC, GLBA, and Sarbanes-Oxley.
FFIEC, the Federal Financial Institutions Examination Council, sets the principles and standards for examining financial institutions and for uniformity across them, and network security is one of the areas it covers. The FFIEC Information Technology Handbook has specific guidelines for auditing a network, information security, and e-banking.
The audit portion of FFIEC security is geared toward evaluating a company's risk management practices, from internal information systems to compliance with corporate policy. Any network audit performed by or for a financial institution should identify risk exposure; promote confidentiality, integrity, and availability of information systems; evaluate management planning, compliance, and operating processes; and have corrective actions in place for business continuity planning. Business continuity planning, for network security and other aspects of a financial institution, must minimize losses, serve customers with little or no distractions, and mitigate any negative effects.
The information security portion of the FFIEC Information Technology Handbook requires a financial institution to protect its systems, media, facilities, and overall national infrastructure. For network security, this portion of the FFIEC's requirements includes reacting to changing threats and reducing risks in accordance with assessment and acceptable tolerance levels. Specifically, a company's or organization's policy must identify risks, implement a management strategy, test its implementation, and monitor the environment.
E-banking is tied to other standards for FFIEC security, but as it exposes financial institutions to greater risks, separate parameters are specified. Like any other aspect of FFIEC security, e-banking needs security controls for guarding customer information, including an authentication process. A business utilizing e-banking - and practically all banks do, these days - is liable for any unauthorized transactions, losses from fraud, and violation of laws or regulations regarding customer privacy.
The Gramm-Leach-Bliley Act (GLBA) is part of FFIEC security. GLBA 501(b), or Interagency Guidelines Establishing Information Security Standards, essentially states that all financial institutions must, through network security, protect the confidentiality of non-public customer information. In more detail, GLBA 501(b) covers informational, technological, and physical safeguards; anticipation of and protection against security threats; protection against unauthorized access and use of information; and establishing a risk-based security program.
While not part of the FFIEC Information Technology Handbook, Sarbanes-Oxley provides detailed steps and regulations for network audits. Also known as the Public Company Accounting Reform and Protection Act of 2002, Sarbanes-Oxley requires financial institutions to produce documents proving their information systems are reliable, verifiable, and secure. Section 404, specifically, requires an institution to ensure that effective controls are in place to prevent fraud, misuse, and loss of financial data and transactions. These controls must detect a breach of security quickly, note any exceptions, and take appropriate actions. Additionally, a Sarbanes-Oxley 404 audit needs to be part of a financial institution's larger network assessment.
By Irene Test
Article Source: http://EzineArticles.com/?expert=Irene_Test