IT Examiner School

shred room where there were customer checks with names and account numbers visible. I was allowed behind the teller line. I was allowed into the Safety Deposit Box vault and the Vault behind the teller line.”

Gramm-Leach-Bliley Act Section 501 (b) Review

As published in the Federal Register on May 23, 2002 (Vol. 67, No. 100):

• Subsection 314.3 – Standard for safeguarding customer information.
  o (a) Requires the development, implementation and maintenance of an Information Security Program.

The Bank has established and implemented a documented Information Security Program and utilizes other policies and procedures to support and enhance the program.

• Subsection 314.4 – Elements.
  o (a) Designate an employee or employees to coordinate your information security program.

The Board has designated NA Erin Fossil as Information Security Officer to coordinate the development and provide oversight of the information security program.

  o (b) Requires the institution to identify internal and external risks to customer information via a risk assessment and to assess the sufficiency of the safeguards in place to control or mitigate those risks.

The Bank has not performed an adequate risk assessment of internal customer information and sensitive data.

Employee training on information security procedures and customer information has been implemented and is tracked by management. The status of the training in each department is reported to NA Fossil. The Bank utilizes an Intrusion Detection/Prevention System, which enhances IT’s ability to detect and prevent intrusions and hacker threats.

  o (c) Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems and procedures.

The Information Security Program has minor weaknesses.

  o (d) Oversee service providers by:
