Skip to main content

About Us

We serve the public by pursuing a growing economy and stable financial system that work for all of us.

What We Do

Who We Are

Work With Us

Overview & Mission

The Ninth District

Our History

Tours

Contact Us

Region & Community

We examine economic issues that deeply affect our communities.

The Ninth District

Regional Economic Indicators

Community Development & Engagement

The Bakken Oil Patch

Beige Book

Research

We conduct world-class research to inform and inspire policymakers and the public.

Research Groups

Topics

Data & Reporting

Banking

We provide the banking community with timely information and useful guidance.

For Banks

Data & Reporting

Banking Topics

Contact Us

For Consumers

Large Bank Stress Test Tool

CDFIs

Banking in the Ninth archive

Policy

We explore policy topics that are important for advancing prosperity across our region.

Policy Topics

Monetary Policy

Economic Research

Community Development & Engagement

Information Technology and Data Security Management

Safety and Soundness Update - March 2013

March 11, 2013

Information Technology and Data Security Management

Information Technology and Data Security Management
Creating an effective IT management framework can be very challenging for community bank management. This article suggests key areas of focus that should assist bank management. In many cases, taking care of these basics will address some of the most important IT-related threats. Consider the following questions:

Where is your data? What are your data security requirements? Banks seek to secure confidential data wherever it is; but achieving that goal is not easy. Bank data no longer sits under one roof. But banks still remain responsible for ensuring that they have effective control over it, whether it moves over a network or is stored at a third-party service provider.

Is your software updated promptly and consistently? Widely used software applications such as Java and Adobe are prime targets for hackers. Last year, Java surpassed Adobe’s Reader software as the most frequently attacked piece of software. Bank management must make sure that the most recent versions of software are in use.

Is your system ready for personal mobile devices? Using smart phones or tablets to access bank email or reports is gaining momentum. However, banks need well-thought-out controls for these “bring your own device” practices so that additional data risks are identified and controlled.

Do you have a framework? An effective framework for IT risk management includes a data classification method (private, public, internal, external) and knowing where data is (in motion, at rest, in use). The details of this framework can vary, and there are many resources to provide options for management. The key is finding a framework that works for an institution and having board and senior management support that framework.

Are you getting good feedback? Bank management needs feedback on its IT risk practices. Obtaining effective feedback requires that bank management provide details to explain its framework. An audit process of that framework driven by a data-centric risk assessment is one important source of that feedback.

More On