Commercial E-Banking Risk Assessment and Controls Evaluation

Purpose

The following e-banking risk assessment and controls evaluation is provided to help commercial Internet banking users identify threats and measure the strength of their controls.

Risk Assessment Questions

For each question, select the answer that best represents your environment. Following the assessment, use the "Control Evaluation - Tips" to evaluate your environment.

Personnel Security

  • Are employees required to sign an Acceptable Use Policy (AUP)?

  • Does each employee using Internet banking go through security awareness training?

  • Do you complete background checks on employees prior to hire?


Computer System Security

  • Is a dedicated computer system used for e-Banking activities?

  • Do computer systems have up-to-date antivirus software?

  • Is there a process in place to ensure software updates and patches are applied (e.g. Microsoft, web browser, Adobe products, etc.)?

  • Do users run as local Administrators on their computer systems?

  • Does a firewall protect the network?

  • Do you have an Intrusion Detection/Prevention System (IDS/IPS) in place to monitor and protect the network?

  • Is Internet content filtering being used?

  • Is email SPAM filtering being used?

  • Are users of the Internet banking system trained to manually lock their workstations when they leave them?

  • Is wireless technology used on the network with the Internet banking system?


Physical Security

  • Are critical systems (including systems used to access Internet banking) located in a secure area?

  • How are passwords protected?


Previous Experience

  • Have you experienced fraud through e-Banking in the past?

  • Has malware been discovered on systems used for e-Banking activities in the past?
