LOCKNET IT Solutions


Compliance

LOCKNET™ helps numerous companies, organizations and financial institutions review for compliance with a number of regulations, such as those listed below, to protect against fraud-related activity in connection with your network.

  • USA Patriot Act - Customer Identification Programs (CIP)
  • Proper Disposal of Consumer Credit Reports under FACTA
  • Red Flags procedures under FACTA
  • Gramm-Leach-Bliley Act
  • Financial Privacy Rule
  • Safeguards Rule
  • Pretexting Provisions
  • Bank Service Company Act
  • Bank Protection Act

In addition to the Penetration Testing and Network Vulnerability Assessment completed directly on your network, it is also important to test operational vulnerabilities. Examiners look for assurance that security extends beyond your network to employee procedures and physical aspects of your building.  

 


Red Flags Compliance Program

The final day for Red Flags Compliance has come and gone. But if your business or Financial Institution is still in need of Red Flags consultation or program development, LOCKNET™ IT Solutions is continuing to provide assistance.  
 

 


Physical Security Assessment Investigates Facility Security Vulnerabilities

A Physical Security Assessment is a comprehensive evaluation of the non-technical part of information security. LOCKNET™ will make recommendations for rectifying issues found during the facilities review. This includes a thorough inspection of the building and work areas to identify physical security risks around your facility including:

  • Camera placement and procedures
  • Alarm system and procedures
  • Locks on doors, windows that open, and file storage areas
  • Proper lighting for cameras, security lighting and emergency exit lighting or signs
  • Safety devices such as smoke detectors, fire suppression systems and extinguishers
  • Hazards such as improper use of outlets or surge strips, blocked exits or cluttered areas
  • Opening and closing procedures
  • Access to areas that contain confidential information by outsiders
  • Access to server room
  • Monitors or screens viewable by outsiders
  • Workspace free of confidential information
  • Sticky notes with passwords or confidential information


IT Policy and Documentation Review 

A strong policy framework is the cornerstone of solid information security. LOCKNET™ can review your current documentation and verify the existence of current policies that are up to date and effective. We can also help co-author any policies that need to be updated or added. Below is a sample list of policies that are frequently found in a strong IT policy handbook:

  • Information Security Policy - explains the security procedures, software and hardware that the financial institution uses to protect information systems
  • Internet Acceptable Use Policy – sets acceptable internet use for the institution
  • Electronic Communication Acceptable Use Policy – sets acceptable email, voice mail, fax, cell phone, PDA usage
  • Password Policy – defines password requirements for the various systems used
  • Patch Management Policy - defines patch management strategy and patch installation time frames
  • Patch Management Documentation Spreadsheet – helps document patch management efforts
  • Vendor Management Policy - sets standards by which IT vendors are measured and assessed
  • Vendor Management Documentation Spreadsheet – helps document vendor management efforts
  • Clean Desk Policy – sets standards for employees to follow when working with non-public personal information
  • Information Disposal Policy – defines how the institution will dispose of confidential information, old computers, CDs, DVDs, disks, reports, etc.
  • IT Risk Policy – defines IT risk and how the organization will minimize those risks
  • Incident Response Program - details how the organization will react in the event of an information breach
  • Remote Access Policy – defines remote access security and standards


Business Continuity and Disaster Recovery Review
Business Continuity Consulting and Planning Aids in Disaster Recovery

Business Continuity Consulting Services and effective Business Continuity Planning can prevent a disruption of network services or other critical operations—disruptions that can result in partial or complete loss of operations.

Business Continuity Planning factors are listed in the FFIEC IT Examination Handbook/Business Continuity Planning (BCP) Booklet designed for the financial industry. It lists the following six factors as critical aspects of effective Business Continuity Planning:

  • Business Continuity Planning should be conducted on an enterprise-wide basis.
  • Business Continuity Consultants at LOCKNET can provide a thorough business impact analysis and risk assessment, both of which make up the foundation of an effective Business Continuity Plan.
  • Business Continuity Planning is more than the recovery of the technology; it is the recovery of the business.
  • The effectiveness of a Business Continuity Plan can only be validated through thorough testing by LOCKNET's Business Continuity Consultants.
  • The Business Continuity Plan and test results should be subjected to an independent audit by a Business Continuity Consultant.

To ensure that your business continuity plan is effective, LOCKNET's consultants will review your plan and recommend updates needed in order to reflect and respond to changes in your institution.



Risk Assessment 

Risk assessments integrate two quantities of risk: the magnitude of the potential loss and the probability that the loss will occur. Risk assessments may be the most important step in the risk management process.

Once risks have been identified and assessed, the steps to properly deal with them are much more programmatic. Senior management has an active role in ensuring that IT-related risk identification and assessment efforts are coordinated and consistent throughout the organization. An effective risk assessment process improves policy and internal control decisions across the organization.

Risk Assessment Process:

  1. System Identification
  2. Threat Identification
  3. Vulnerability Identification
  4. Control Analysis
  5. Likelihood Determination
  6. Impact Analysis
  7. Risk Determination
  8. Control Recommendation
  9. Results Documentation

LOCKNET™ will perform a review of your organization's risk assessment and internal controls to ensure that these areas are properly addressed. We verify that your risk assessment process includes ongoing monitoring to keep the process continuous instead of a one-time or annual event.



Staff Compliance Training

Training is critical to make sure you are prepared for regulatory examinations and to ensure customer information is being treated with the highest level of respect by your employees.

In order to maintain proper information security, it is important that employees understand the importance of policies and procedures that can affect them. LOCKNET™ offers training programs for your staff, or a train-the-trainer program so that your key employees are ready to provide ongoing training and support.

Training programs can be based on best practice standards as set out by regulatory agencies, or LOCKNET™ can customize programs based on findings from security assessments performed on your institution and your staff. It is important that training is up to date with the latest standards.



Customer Education
Customer Security and Identity Theft Training

Identity theft and breaches in information security can occur beyond the boundaries of your building and your network. Your customers are susceptible to malicious acts whenever they access their records or confidential information. LOCKNET™ offers customer education programs on your behalf to help them understand the importance of security at home.

Customer Education not only shows that you are concerned about the security of their confidential information, but is also a way to better protect your institution from security breaches.







LOCKNET, Inc. • 3128 South Avenue • La Crosse, WI 54601
Toll Free: (800) 967-2645 • Phone: (608) 785-7100 • Fax: (608) 785-7180

© 2008 LOCKNET, Inc. All Rights Reserved.