Academic journal article ABA Banking Journal

Application Security: Access Controls to Reduce the Threat of the Disgruntled or Dishonest Employee

Academic journal article ABA Banking Journal

Application Security: Access Controls to Reduce the Threat of the Disgruntled or Dishonest Employee

Article excerpt

Financial institutions are responsible for ensuring that systems and data are protected against risks associated with technology and computer networks. If a bank is relying on a third party to provide them with an application that utilizes or processes customer nonpublic personal financial information (customer data), then bank management must understand the provider's information security features to effectively evaluate the application's ability to protect the customer data.

Examiners have noted that the risk of unauthorized use or disclosure from disgruntled or dishonest bank employees is generally higher than the risk of exposure from elements outside of the bank. As a result, that is the threat they are trying to protect against when assessing the security features of a software application. Accordingly, internal security features designed to minimize that risk will be a focus during examination.

Examiners mention phrases such as "appropriate measures," "adequate safeguards" and "appropriate for the level of perceived risk." Those are all pretty ambiguous phrases, but they are almost verbatim from the Security Guidelines adopted by the regulatory agencies. What they are saying is that there is not a single security program that would be appropriate for adoption by all banks. Each bank is required to design a security program that addresses risks uncovered during the risk assessment process. What they design and implement is dependent upon the relative risk surrounding their treatment of customer data. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.