Callahan Clients, please log in for direct access to:
Learn What You're Missing
Upgrade Your Subscription
Thank you for your interest in reading the fantastic content we have on CreditUnions.com! However, the page you are trying to access is for subscribers-only. To learn more, select an option below.
All users must now log in to read, research, browse, and have fun on CreditUnions.com. Yes, we still offer freebies. And, yes, it’s worth the extra effort.
Print or PDF this article today because you won't have access to it later. Or, click here to learn how to get 24/7 access.
By Digital Defense, Inc.
Think risk management.
That is the bottom line. For so long there has been an aura of mystery
surrounding computer systems. Historically, Information Systems
has been an area relegated to the ''gurus'' who cast spells
behind closed doors and speak in the weird language of ''bits
and bytes''. Unfortunately, the world we live in is demanding
that we now become fluent in this strange language. The paradox
is that we are being forced to utilize that which we don't fully
if we were to build a new ''bricks and mortar'' branch for
our members, we would not forgo the security system because we didn't
understand the intricacies of the wiring diagram. We would not keep
our cash in a suitcase rather than a fortified vault. We would not
ask the guard to go unarmed, because it is intimidating and inconvenient
for our members. However, I would argue that every day new ''virtual''
branches are being established without the same level of due diligence
There is only
one difference between the ''bricks and mortar'' and ''virtual''
worlds. The physical branch services a set number of individuals
in proximity to the location. The e-branch services the entire Internet.
The fact is that the entire world potentially has access to the
services that we offer and we must realize the importance of diligently
working to protect those assets and our member information. In that
we apply risk management principles and procedures to dealing with
the risks that our ''bricks and mortar'' credit unions are
exposed to, we must exercise the same amount if not more due diligence
in dealing with our online services.
Now that we
better understand that Network Security is truly a Risk Management
Issue, we are now able to start applying some basic Risk Management
principles to the deployment and usage of on-line assets. Just as
with managing other risks, we must:
In that it is
impossible to effectively mitigate and transfer risk of which we
have no comprehension, the most important step in this process lies
in the analysis and quantification of the risk at hand. We need
to thoroughly understand the extent to which our organizations are
leveraged in order to get a handle on how we can effectively control
All too often
we hear credit union executives say, '' We do not have home
banking, so we couldn't possibly be at risk.'' Unfortunately
this misconception is extremely dangerous. These well-intentioned
organizations do not realize that any connectivity, whether it be
web access at the desktop, email, or even dial-up activity can pose
serious threats to the integrity of their privileged and very sensitive
The NCUA itself
realizes the importance of ''self-evaluation'' or analysis
as the first step in managing security risks. A good portion of
the examiners' checklist for Ecommerce activity is devoted to internal
assessments, policy and procedure development and risk awareness.
To make progress along these lines, it is important to highlight
a few critical questions that we should all be asking ourselves:
Once we are
able to address this list of questions, we will have effectively
surmounted over 50% of the battle. By raising the level of awareness
in our credit unions and keeping that level high, we build a security
Network Security as a risk management issue, we can better handle
the pressures of what can be a very perplexing issue. The fact is
that we have to offer certain services to our members. The Market
demands that we stay competitive. With those services comes an inherent
level of risk; some of which will never be mitigated. Let us apply
the Risk Management techniques that we have become experts at over
the years to this issue. Not only will it bring a healthy dose of
perspective to what for a lot of us is so foreign, but we will also
make progress in securing our networks while we are at it.
To keep abreast
of network security issues as they effect credit unions, please
feel free to subscribe to our biweekly ''CUSecure'' email
newsletter by clicking on the link below.
For more information
on Digital Defense, Inc. and our suite of service offerings, please
go to www.digitaldefense.net.
For direct inquiries,
please send requests to email@example.com.
This sponsored content article is provided to the credit union community for shared insights and knowledge from a recognized solutions provider in the industry. Please note that the views and opinions offered here do not reflect those of Callahan & Associates, and Callahan does not endorse vendors or the solutions they offer.
If you are interested in contributing an article on CreditUnions.com, please contact our Callahan Media team at firstname.lastname@example.org or 1-800-446-7453.
July 30, 2001
No comments have been posted yet. Be the first one.
Submit your email address to receive daily industry updates and web-only features.
P: (800) 446-7453 | F: (800) 878-4712
1001 Connecticut Ave. NW Suite 1001
Washington, DC 20036