IT Examiner School

Information

Description

Threats

Inherent Risk

Controls (How is it protected?)

Effectiveness of Control

Customer information files on Premier (Fiserv) system

FiServ (Premier) is Core Processing service provider

External hackers attempting to get into our system subsequently allowing access to Premier/FiServ Systems.

LOW

Username and password requirement for system entry prevents unauthorized users from accessing system User Passwords expire every 60 days. Users are set up to access applications necessary to perform their jobs.

ALL EFFECTIVE

Employees performing authorized

LOW

functions and/or transactions such as providing confidential information to unauthorized person(s) External hacker gaining access to

Information between bank and FiServ passes through a dedicated line.

LOW

confidential information

passing between Fiserv and bank.

Network Information All

Hackers

ALL LOW Network user name and password required to sign onto system

ALL EFFECTIVE

software/hardware and/or employee files that may contain private information on customers and/or bank information

Disgruntled employee(s)

Network passwords expire every 60 days. Server backed up daily. Director Server backed up to tape daily. Director Reports/images backed up to CD when Director Server is full and stored off-site. FiServ also performs back-up of bank data. Next day service level agreement with

Hardware malfunctions (e.g., servers, phone lines)