IT Examiner School
Host 192.168.253.6 – IE Enhanced Security Configuration for Administrators: The use of Internet Explorer is not restricted for administrators on this server. Solution: Install Internet Explorer Enhanced Security Configuration. Management Response: The security configuration has been installed.
Access Controls Findings
Level of Risk
Workstation Controls Review. The Bank has very few remaining PCs; however, the workstation reviewed at the South branch did not have a password-protected screen saver enabled. This violates the Bank’s Information Security Program regarding Physical Security of Information Assets.
Low
A password-protected screen saver should be enabled. Resolution of this issue is currently hindered because the PC’s operating system does not allow administration of group security server, as is the case with the thin client terminals. Management Response: The PC was removed from the Branch and will no longer be used.
Findings
Level of Risk
There are four (4) user accounts on the Fiserv system that could not be identified as current employees of the Bank.
Medium
Management should review user accounts in the core system more frequently to validate accounts and ensure proper user access. During the audit, management resolved this item and provided documentation that three of the accounts were no longer on the system and the remaining one was for an independent contractor in the Operations department.
Data and Procedural Controls Findings
Level of Risk
Disaster Contingency Plan Review: The plan does not include: 1) Power-off procedures; and 2) Server restart and recovery procedures.
Low
The plan should adequately detail staff procedures for operating when it is necessary to move to an alternative location. The plan should also provide for as speedy a recovery as possible.