Atlanta Region 5/4/2015. All rights reserved. IT Regulatory Update and Review, Aasys User’s Group Conference, December 8, 2009, Richard Snitzer, Examination.


1 IT Regulatory Update and Review
Aasys User’s Group Conference, December 8, 2009
Richard Snitzer, Examination Specialist (IT), Atlanta Regional Office
FDIC Division of Supervision and Consumer Protection
Atlanta Region, 5/4/2015. All rights reserved.

2 What’s On Our Mind?
Social Networking
GLBA
Mysterious Link between Incident Response and Business Continuity
FACTA ID Red Flags
Customer Education
CAMELS

3 Social Networking

4 Social Networking

5 Social Networking

6 Social Networking
Columns: Banks, Credit Unions, Fans/Followers
Twitter 137246110,123 Followers
YouTube 49703,650 Videos
Facebook 24223,000 Posts/day
Source: Visible Banking, 5/31/2009
There’s an app for that!

7 Social Networking - General
Facebook/Twitter
– “Web Site” Rules Apply
– BSA/AML Risk Assessment
– Required Information Can:
Appear in a table or schedule
Refer to table/schedule

8 Social Networking - Security
Secure Communications
– If containing PII
Phishing Attempts Are a Concern
If You Archive the Pages, E-Discovery Rules Apply

9 Social Networking - Customer
Allows free flow of customer feedback
Allows Compliance and Risk Management officers to learn what may really be happening in the branches
Customer complaints should be archived
– Including CRA comments

10 Risk Management Go-Forward Strategy
Establish an enterprise-wide Information Security Program
Board and executive management oversight of the Information Security Program
Executive management ownership is required

11 Gramm-Leach-Bliley

12 IT Risks
Elevated Privileges
Network Operating Systems
– Windows GPOs

13 The Missing Link? Incident Response and Business Continuity
$90 to $305 per customer record
$50 Incident Response
$20-$30 in Lost productivity
$20-$100 Opportunity costs
$25 Card replacement or civil penalties
$25 to $60 potential regulatory fines
Reputational risk? Priceless.
Source: “Calculating the cost of a security breach”; Khalid Kark, Forrester.com; Apr. 10, 2007

14 Other Topics
FACT Act ID Theft Red Flag Rules
Examiner Training
Vulnerability/Pen Test
Customer (and employee) Education
W2000 and W2003
CAMELS

15 Your Turn

16 Thank You!
Richard Snitzer, CFE, CISA, CISSP, CBCP
rsnitzer@fdic.gov
678.916.2224

