Prevention

Prevention measures include sound security policies, well-designed system architecture, properly configured firewalls, and strong authentication programs.  Two prevention measures are vulnerability assessment tools and penetration analyses. Vulnerability assessment tools generally involve running scans on a system to proactively detect known vulnerabilities such as security flaws and bugs in software and hardware.   These tools can also detect holes allowing unauthorized access to a network, or insiders to misuse the system.  Penetration analysis involves an independent party (internal or external) testing an institution’s information system security to identify (and possibly exploit) vulnerabilities in the system and surrounding processes.   Using vulnerability assessment tools and performing regular penetration analyses will assist an institution in determining what security weaknesses exist in the bank's information systems.

What the regulators have to say about Prevention.