7
Testing, Auditing, and Training
Some of the information in this section was abstracted from
the Federal Financial Institutions Examination Council
(FFIEC) IT Examination Handbook. According to the
FFIEC Web site, the Council is a formal interagency body
empowered to prescribe uniform principles, standards, and
report forms for the federal examination of financial institutions
by the Board of Governors of the Federal Reserve System
(FRB), the Federal Deposit Insurance Corporation
(FDIC), the National Credit Union Administration
(NCUA), the Office of the Comptroller of the Currency
(OCC), and the Office of Thrift Supervision (OTS), and to
make recommendations to promote uniformity in the
supervision of financial institutions. While our purpose
here is not to focus specifically on the security controls of
financial institutions, it is worthwhile to understand their
examination process, because the rigor applied to IT and
security controls in financial institutions is generally much
greater than that of everyday corporate settings—the privacy
of individual data and protection of money, let alone
the legal issues surrounding the protection of privacy, are strong
motivators for protecting data.

Information security is the process by which an organization protects
and secures systems, media, and facilities that process and maintain
information vital to its operations. The security of systems and information is
essential to the privacy of organizational and corporate customer
information. Security professionals must maintain effective security programs
adequate for their organization's operational complexity. These security
programs must have strong board- and senior management-level support,
integration of security responsibilities and controls throughout the organi-