Pub. 14 2019-2020 Issue 2

NEBRASKA BANKERS ASSOCIATION 21 Fully registered Dealer Bank • Not FDIC Insured • No Bank Guarantee • May Lose Value FROMONE COMMUNITY BANK TOANOTHER. Country Club Bank Capital Markets Group has assisted community banks build high- grade bond portfolios that reflect specific markets expectations, product preference, income goals and overall risk parameters, since 1985. Operating in over 30 states, the Capital Markets Group is always ready to meet the needs of our fellow community bankers. We keep investing simple so that banks can focus on what really matters— lending to the communities who support us. • Portfolio Strategy, Fixed Income Sales and Service • Bond and Securities Underwriting/Trading • balanCD Brokered CD and TBA Programs We speak the same language. meaning that if you aren’t able to answer “Yes,” you will not meet the Baseline re- quirements for Domain 3. Additionally, the Quarterly Firewall Audit control ties back to the FFIEC Information Security Booklet, Page 46. Unfor tunately, the Information Security Booklet doesn’t give us much detail. It simply states, “Security op- erations activities can include the fol- lowing: Security Software and Device Management (e.g., maintaining the signatures on signature-based devices and firewall rules).” There is no other guidance or direction in the booklet, which furthers the confusion around this control. Where to Start To better understand how to assess our firewalls, let’s start by asking a few basic questions. If you are unsure how to answer any of these questions, please make finding the answer a top priority. Work with your vendor(s) or IT depart- ment to answer these questions: • Do you have any idea what is happening on your firewall? • Do you receive reports on a regu- lar basis from the firewall? • Who is administering your fire- wall, and do you have any control over this process? • What logs does your firewall gen- erate, and how can you review those logs? You don’t have to have a complete knowledge of firewall configurations and reports to meet this Baseline CAT control, but you must develop a process for reviewing your firewall rules and/or having them tested. It’s nearly impos- sible to understand what is abnormal if you aren’t aware of what is normal. Once you’ve established normal, the key is to ensure you act on any devia- tions within the reports. Tech Talk — continued on page 22

RkJQdWJsaXNoZXIy OTM0Njg2