As your trusted financial partner, Maps Credit Union is committed to helping you assess and manage the risks associated with your business online banking. We recommend that you perform a periodic risk assessment to ensure that you have the necessary controls in place for your processes, systems, and personnel. This risk assessment tool can help you assess your systems and make any needed changes.

Physical Security

1. What level of security have you employed for your critical systems, including those used to access online banking?
   a. They are behind a locked door.
   b. They are in a restricted area.
   c. All computer systems are in a public area.

2. Are your employees trained to lock their workstations before leaving them?
   b. Yes, but locking is only done manually.
   c. Yes, and each workstation auto-locks after a period of inactivity.

3. Are employees set as Administrator level on their workstations?
   a. Yes, if it is necessary for their work.
   b. Yes.
   c. No.

4. How are passwords stored?
   a. Employees remember them or keep a log on their computer or in a locked desk drawer.
   b. They are written on sticky notes or paper placed by the computer.

Computer Security

5. Does your network employ a firewall?

6. Do you use Internet content filtering?
   We have an Internet content filter in place.
   c. Yes. Internet traffic on the system(s) used for online banking activities is completely restricted to the sites needed for necessary business functions.

7. Do you filter SPAM email?
   b. Yes.

8. Do you employ an intrusion detection or prevention system (IDS/IPS) for network traffic?

9. Is your anti-virus software up-to-date on workstations and servers?
   a. Yes, on critical systems.
   b. Yes, on all systems.

10. How do you handle software and operating system updates?
   a. We have no formal process.
   b. Staff choose when to install updates and patches with little or no guidance from IT staff or management.
   c. We have a formal process that ensures all updates and patches are installed at least monthly.

11. Is wireless technology used on the same network as the system used to access online banking?
   a. Yes, and wireless traffic uses WEP encryption.
   b. Yes, and wireless technology uses industry-approved encryption (e.g., WPA).
   c. Yes.
   d. No.

Personnel Security

12. Do your employees sign an Acceptable Use Policy?
   a. On hire.
   b. At least once a year.

13. Do you screen employees before hire?
   b. Yes. We background screen employees in specific positions.
   c. Yes. We run full background checks on all employees.

14. Does your management team stay abreast of potential information security threats and the steps that can be taken to mitigate them?

15. Do you require security awareness training of the employees who use business online banking?
   b. Once a year or more.
   c. On hire.

16. Are duties related to online banking and financial management segregated?
   a. One individual has access to all portions of online banking, though other employees are cross-trained to cover vacations or staff changes.
   b. Yes, this is an important component of our fraud prevention plan.

Scoring and Explanation

1. a: 1  b: 2  c: 5
   The more you restrict access to systems that can access your online banking, the more secure it will remain.

2. a: 5  b: 2  c: 1
   Locking workstations, even in areas that are physically secure or restricted, is critical to maintaining their security. Each user should lock their computer when they get up, even for a short time, and your IT team should set them to auto-lock after a specific period of inactivity.

3. a: 3  b: 5  c: 1
   Administrators have special levels of access to install software and use devices, so it is best to restrict that level of access as much as possible.

4. a: 1  b: 10
   Instruct employees to store passwords in a secure location, not out on their desk or stuck on their monitor.

5. a: 1  b: 15
   Make sure you have a firewall installed and that you keep it up-to-date.

6. a: 2  b: 5  c: 1
   Content filters can provide another line of defense on critical systems by blocking non-mission-critical types of Internet content.

7. a: 5  b: 1
   Filtering SPAM emails before they make it to employee inboxes helps mitigate risk by ensuring that employees have fewer opportunities to click links that download Trojans, worms, or viruses.

8. a: 1  b: 3
   An IDS/IPS is a smart choice to monitor Internet traffic for potential problems.

9. a: 3  b: 1  c: 5
   Keeping anti-virus software up-to-date on all systems is crucial to protecting your systems. If keeping it updated on all systems isn't feasible, then make sure updates are installed on critical systems and servers. Automating full system scans and updates helps ensure that the process happens on an ongoing basis; try scheduling full system scans overnight or during off-hours to minimize slowing down employee work.

10. a: 5  b: 3  c: 1
   Software and operating system manufacturers continually release security patches that can prevent unauthorized intrusions into your critical and non-critical computer systems. A formal process to ensure that these patches and software updates are installed regularly will help protect your network and systems. Try automating the update process when your software supports it.

11. a: 2  b: 1  c: 15  d: 1
   Wireless traffic can open security holes in your network, so be careful about the types of devices you allow to access your systems over wireless networks. Either lock your network down to wired traffic only or ensure that wireless devices use higher-level security encryption, such as WPA. Ensure that your IT staff have customized the configuration of your wireless access points to make it harder for unauthorized individuals to find and use them.

12. a: 2  b: 1  c: 5
   An AUP provides users with concrete guidelines for what they can and cannot do on your computer systems and network. You should review your policy annually or more often to ensure that you make changes if there are new technologies or situations that need to be covered. Also ask your employees to review the policy, even if there are no changes, so that it remains fresh in their minds.

13. a: 5  b: 2  c: 1
   Background screening is an important part of an overall hiring strategy that mitigates risk for your organization. Consider screening all employees before hire.

14. a: 1  b: 5
   Management should stay up-to-date on new developments in online and computer security, as well as credible threats.

15. a: 5  b: 1  c: 2
   Security awareness training should be part of your annual or semi-annual requirements for all employees who have access to your business online banking. Topics covered should include computer and network security policies, password guidelines, ways to recognize and avoid social engineering, and so on.

16. a: 4  b: 1  c: 5
   One of the best ways to prevent internal fraud is to ensure that multiple employees have access to financial information and that financial duties are spread among employees. For example, one employee could enter AP data and cut checks, and a second employee could audit printed checks monthly through online statements or printed statements. This ensures that discrepancies are caught early and can prove a deterrent.

Add your total score to see whether your risk rating falls in a category you can tolerate.

Cumulative Risk Rating
   Low       0-15
   Medium    16-25
   High      26-35
   Critical  35+

If you fall into the High or Critical categories, consider enacting some of the recommended strategies above.
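The scoring procedure above (points per answer, summed and mapped to a risk band) is easy to get wrong when done by hand across sixteen questions, so the following calculator encodes it. This is an added example written for this page, not Maps Credit Union's own tool: the point values are copied from the Scoring and Explanation section, the short topic labels per question are summaries written for the example, the sample answer set is constructed, and, because the page's High band (26-35) and Critical band (35+) both contain 35, the example treats a total of exactly 35 as Critical (an assumption, chosen as the conservative reading). Besides the total and its band it reports which answers contribute the most points, and it computes the floor and ceiling of the scale; the floor of 16 (every question answered with its lowest-risk option) is worth knowing, since under the page's bands it already lands in Medium rather than Low.

```python
"""Scoring calculator for the risk assessment above.

Added example, not Maps Credit Union's own tool. Point values come from the
"Scoring and Explanation" section; topic labels are short summaries written
for this example; the sample answer set is constructed, not a real business.
"""
from __future__ import annotations

# Question number -> {answer letter: risk points}, as the assessment scores them.
SCORES: dict[int, dict[str, int]] = {
    1: {"a": 1, "b": 2, "c": 5},
    2: {"a": 5, "b": 2, "c": 1},
    3: {"a": 3, "b": 5, "c": 1},
    4: {"a": 1, "b": 10},
    5: {"a": 1, "b": 15},
    6: {"a": 2, "b": 5, "c": 1},
    7: {"a": 5, "b": 1},
    8: {"a": 1, "b": 3},
    9: {"a": 3, "b": 1, "c": 5},
    10: {"a": 5, "b": 3, "c": 1},
    11: {"a": 2, "b": 1, "c": 15, "d": 1},
    12: {"a": 2, "b": 1, "c": 5},
    13: {"a": 5, "b": 2, "c": 1},
    14: {"a": 1, "b": 5},
    15: {"a": 5, "b": 1, "c": 2},
    16: {"a": 4, "b": 1, "c": 5},
}

# Short topic per question (labels written for this example), used in the report.
TOPICS: dict[int, str] = {
    1: "physical access to critical systems", 2: "workstation locking",
    3: "local administrator rights", 4: "password storage",
    5: "network firewall", 6: "Internet content filtering",
    7: "spam filtering", 8: "IDS/IPS", 9: "anti-virus currency",
    10: "patch management process", 11: "wireless encryption",
    12: "acceptable use policy", 13: "pre-hire screening",
    14: "management threat awareness", 15: "security awareness training",
    16: "segregation of duties",
}

# Cumulative risk bands from the assessment. The page gives High as 26-35 and
# Critical as 35+, so a total of exactly 35 is ambiguous; this example treats
# 35 as Critical, the conservative reading (an assumption, not the page's rule).
BANDS: list[tuple[int, int, str]] = [(0, 15, "Low"), (16, 25, "Medium"), (26, 34, "High")]


def rate(total: int) -> str:
    """Map a cumulative score to the assessment's risk category."""
    if total < 0:
        raise ValueError("score cannot be negative")
    for low, high, label in BANDS:
        if low <= total <= high:
            return label
    return "Critical"


def _normalize(answers: dict[int, str]) -> dict[int, str]:
    """Check that every question is answered with one of its listed letters."""
    missing = sorted(set(SCORES) - set(answers))
    if missing:
        raise ValueError(f"unanswered question(s): {missing}")
    clean: dict[int, str] = {}
    for q, letter in answers.items():
        if q not in SCORES:
            raise ValueError(f"unknown question number {q}")
        letter = letter.strip().lower()
        if letter not in SCORES[q]:
            raise ValueError(f"question {q} has no option '{letter}'")
        clean[q] = letter
    return clean


def score(answers: dict[int, str]) -> tuple[int, str]:
    """Return (cumulative score, risk category) for a complete set of answers."""
    clean = _normalize(answers)
    total = sum(SCORES[q][letter] for q, letter in clean.items())
    return total, rate(total)


def top_contributors(answers: dict[int, str], n: int = 3) -> list[tuple[int, str, int]]:
    """The n answers adding the most risk points, as (question, topic, points)."""
    clean = _normalize(answers)
    ordered = sorted(clean, key=lambda q: (-SCORES[q][clean[q]], q))
    return [(q, TOPICS[q], SCORES[q][clean[q]]) for q in ordered[:n]]


def best_possible_total() -> int:
    """Lowest total reachable by choosing the lowest-risk option everywhere."""
    return sum(min(opts.values()) for opts in SCORES.values())


def worst_possible_total() -> int:
    """Highest total reachable by choosing the highest-risk option everywhere."""
    return sum(max(opts.values()) for opts in SCORES.values())


# Constructed sample: mostly lowest-risk answers, but 5 points on question 14
# and option a on question 3 (admin rights granted when needed for the work).
SAMPLE_ANSWERS: dict[int, str] = {
    1: "a", 2: "b", 3: "a", 4: "a", 5: "a", 6: "c", 7: "b", 8: "a",
    9: "b", 10: "c", 11: "a", 12: "b", 13: "b", 14: "b", 15: "b", 16: "b",
}

if __name__ == "__main__":
    total, category = score(SAMPLE_ANSWERS)
    print(f"score {total} -> {category}")
    for q, topic, pts in top_contributors(SAMPLE_ANSWERS):
        print(f"  q{q:<2} {pts:>2} pts  {topic}")
    print(f"floor {best_possible_total()} ({rate(best_possible_total())}), "
          f"ceiling {worst_possible_total()} ({rate(worst_possible_total())})")
```

Running the file prints the sample's total of 25 (Medium) and its three largest contributors; changing the sample's answer to question 11 from a to c (the 15-point wireless option) moves the same business to 38 and Critical, which shows how heavily the assessment weights the firewall, wireless and password-storage questions relative to the rest.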