Information Security Standards Flashcards Preview


Flashcards in Information Security Standards Deck (14)
1
Q

Who does the Information Security Standards rule cover?

A

All depository institutions and their subsidiaries (except brokers, dealers, insurance providers, and investment companies)

Customer information: non-public information involving a bank customer (on paper or in electronic form)

Consumer information: a consumer record maintained or possessed by, or on behalf of, the bank, in paper or electronic form

Service providers that have access to consumer information

3
Q

Some examples of consumer information include:

A
  • Consumer reports
  • Information a bank obtains from an affiliate
  • Information about a person who applies for a loan but does not receive one
  • Information about a person guaranteeing a loan
  • Information from a consumer report a bank obtains about a prospective employee
4
Q

What are the requirements of the Information Security Standards?

A

Have a program that will manage and control the risks to customer information

5
Q

An information security program should have what characteristics?

A

Be comprehensive

Have administrative, technical, and physical safeguards

Be appropriate to the size of the bank

Ensure the security and confidentiality of customer information

Protect against unauthorized access

Properly dispose of customer information

6
Q

Managing and controlling risk under the program should consider:

A

Review of access to physical locations

Encryption of customer information

Dual control

Segregation of duties

Employee background checks

Flexibility to adjust the program

7
Q

The Gramm-Leach-Bliley Act requires financial institutions to:

A

Ensure the confidentiality of customer information

Protect against anticipated threats

Protect against unauthorized use of customer information

8
Q

An OCC examination of an information security program may include:

A

Board involvement

Useful management and board reporting

Evaluating the risk assessment program

Determining whether staff are adequately trained

Determining whether key controls are tested by an independent person

Determining whether there is an effective process to adjust the program

9
Q

Acme Bank is reviewing its security program for safeguarding customer information. All but one of the following functions should be included in its review.

A. The bank's Internet website
B. The bank's loan operations back office where loan files are kept
C. The bank's system for disposing of its trash
D. The bank's printed marketing and promotional materials

A

D. The bank's printed marketing and promotional materials

10
Q

State National Bank's security officer is preparing for the bank's annual information security review. Which of the following steps is not required for this review?

A. An intrusion test of the bank's online banking system

B. An audit of the bank lobby during business hours to determine whether customer information is kept private

C. A review of all contracts with service providers that have access to bank customer information

D. A review of all outside windows to check for physical security

A

D. A review of all outside windows to check for physical security

11
Q

Which of the following actions is not a requirement of the bank's directors in implementing an information security program?

A. Approve the information security program
B. Determine whether the information security officer is qualified
C. Physically audit the bank's online banking system
D. Review management reports on information security periodically

A

C. Physically audit the bank's online banking system

12
Q

If a service provider is used, what must it have in regard to this standard?

A

Agreements with the bank that are in compliance with these standards

13
Q

What is the CIA triad?

A

Confidentiality - prevent unauthorized use

Integrity - prevent unauthorized modification

Availability - prevent disruption of service

14
Q

The board of directors must oversee the ____, _______, and _____ of an information security program.

A

Development, implementation, and maintenance

15
Q

Examples of items not considered consumer information are:

A

Aggregate information derived from a group of consumer reports

Blind data, such as payment history on accounts, that is not personally identifiable