
FIL-105-2007: Webcast comments



We had a very interactive webcast discussing these topics impacting banks on Thursday, January 24. In particular, many attendees shared their experiences with the new FIL questionnaire. We’ve edited and summarized some of the comments here. Look for more blog posts regarding this webcast in the next week. Thanks to everyone who shared information!

Helpful Links:

FDIC site: FIL-105-2007

FDIC site: Instructions for Completing the Information Technology Examination Officer’s Questionnaire

SecureWorks site: Archive of the webcast, “Regulators Raise the Bar: Latest FIL’s and Rules”

Who has received the questionnaire?

Q: Have you received the questionnaire? Have you been examined using the new questionnaire?

A: Of those who responded, 63% had received the questionnaire. Fewer than 5% had been through a full audit with the new questionnaire. Two other observations: first, no one who mentioned being an OCC bank had received the questionnaire; second, a sizable percentage had received it from another source, such as state examiners or internal audit groups.

Comments on the questionnaire and examinations

“During the FDIC audit our bank completed in October, there was significant emphasis on vendor management oversight, security and business continuity. If you have a solid internal Audit Dept that has reviewed your overall procedures, it makes the overall process much easier.”

“I went through this FDIC exam a couple of months ago, and they killed me with the patch management procedures and the audit logs. They wanted to know exactly what the SecureWorks scan we had previously done had scanned for. The examiners also wanted me to set up a test server with a test PC to test OS patch management before releasing to the production network.”

“I went through the FDIC exam in November and it was the toughest exam I have been through in my 31-year career in banking.”

“Be very careful in having all policies written, complied with, updated and reviewed annually.”

“Have audit procedures in place for everything. Keep logs, review logs, have everything in writing and comply to the letter with what you have written.”

Next week, we’ll provide our take on some of the other questions we received.
