IT Examiner School, Providence, RI

Information Security Program - Highlights

• Access controls on customer information systems
• Access restrictions at physical locations containing customer information
• Encryption of electronic customer information, including while in transit or in storage on networks or systems
• Procedures designed to ensure that customer information system modifications are consistent with the financial entity's information security program
• Dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer information
• Monitoring systems and procedures to detect attempted attacks, intrusions, and modification of customer information systems
• Incident response programs that specify actions to be taken when the entity suspects or detects that unauthorized individuals have gained access to customer information systems, including appropriate reports to regulatory and law enforcement agencies
• Measures to protect against destruction, loss, or damage of customer information due to environmental hazards, technical failures, or breaches
• Measures for properly disposing of sensitive customer data or other nonpublic, proprietary information
