Secure Banking Solutions
Encyclopedia
Secure Banking Solutions, also known as SBS, is a security consulting firm focused on security
in financial institution
s across the United States
. Secure Banking Solutions was formed by the National Center for Information Security at Dakota State University
by Dr. Kevin Streff. The company works closely with The Center for Information Assurance in Banking and Finance at Dakota State University, which (as of 2007) is the only center in the country dedicated to banking information security; their services help community banks
comply with Financial regulation
. Secure Banking Solutions offers a variety of services in addition to TRAC
, a product suite created for community banks in America.
, its automated software tool. Based out of Madison, South Dakota
, the company combines federal grant funding with the resources of Dakota State University to provide community banks with resources to help Banks become more secure.
Information Technology (IT) Audit:
SBS performs risk-based information technology audits that review the IT policies and procedures at banks for compliance and adequacy. SBS takes a similar approach to their audit as examiners do by using a top-down approach.
Penetration Test:
SBS simulates real-world at-tacks on banks external facing networks using a large suite of commercial and open-source tools. SBS penetration testers have been trained in the Dakota State University ethical hacker lab.
Vulnerability Assessment:
SBS performs this on-site test to help banks determine what their security weaknesses are from inside the network. SBS has developed an industry leading reporting tool to en-sure banks can fully understand the results.
Social Engineering Test:
SBS attempts to get access to sensitive information in a non-technical way. Various techniques used to get this information are phone impersonation and dumpster diving.
BSA Audit:
SBS will perform a BSA Audit which reviews your existing program to determine compliance. SBS will produce the necessary documentation to demonstrate compliance to the regulators.
Emergency Preparedness Plan Test:
SBS can perform a test of the different components of your emergency preparedness including business continuity, incident response, etc. This can be done as a table-top exercise or in a simulated event format.
Information Security Services:
Business Continuity Planning:
SBS assists banks in creating business continuity plans which meet regulatory requirements and the needs of each bank in order to allow the bank to resume operations quickly in the event of an emergency.
Incident Response Planning:
SBS can create a customized incident response plan with the supporting documents to help an institution mitigate the negative effects of a security breach and demonstrate to examiners the bank is equipped to handle such an event.
Policy & Procedure Development:
Banks need many different IT security policies and procedures such as acceptable use, personnel security, etc. SBS can take the lead in determining and developing the policies and procedures a bank needs.
Security Awareness Training:
SBS can provide training to all employees of a bank on the importance of information security and how they can help protect the bank’s sensitive information.
Identity Theft Red Flags:
As per regulatory guidance, banks are required to develop an Identity Theft Red Flags program. SBS can help banks in complying with this regulation by creating the program and required documentation.
Regulatory Crisis Management:
After a sub-standard examination from various regulatory agencies, banks can find themselves with a long list of deficiencies to be corrected in a short period of time. SBS can lead this crisis management for the bank and en-sure each deficiency is corrected.
Pandemic Preparedness:
SBS has developed a Pandemic Preparedness Toolkit which allows banks to efficiently create an effective pandemic preparedness plan. This toolkit includes a policy template as well as various work-papers, training videos, and other items needed to demonstrate to examiners the bank is prepared for a pandemic.
Service Packages:
Audit Bundle:
A complete IT Audit reviews three separate areas of information security: People, Process, and Technology.
All of these areas can be audited by completing an:
IT Audit
Penetration Test
Vulnerability Assessment
Social Engineering Test
SBS has bundled these services into a comprehensive and cost-effective solution for banks.
Maintenance Services:
The SBS Maintenance package includes nearly all of the services and products. SBS creates an annual schedule and plan of how and when each service and project is to be completed. Banks use this package to gain the security expertise needed to have successful IT examinations and promote good security, all at a low monthly cost.
Hourly Consulting:
Many banks need help occasionally to complete various information security tasks. SBS commonly enters into agreements with banks where they are available to the bank for an hourly fee. There is no minimum number of hours needed to retain SBS services, but it is nice for many banks to have a security expert just a phone call away.
TRAC:
Information Risk Assessment:
TRAC Risk Assessment allows banks to quickly and thoroughly assess the risk associated with all the information assets in the bank. It can help the bank determine where to spend their security budget. It has also passed scrutiny of FDIC, FRB, OCC, OTS, and NCUA.
Information Security Program:
This module allows banks to answer questions regarding how their bank handles information security. With the answers to these questions, TRAC can produce an effective Information Security Program.
Third Party Management (3PM):
With third party management being a hot-button for IT regulators as of late, this module will allow your bank to adequately and consistently select and manage your vendor relationships.
Action Tracking:
This unique module allows banks to manage all of the various information security activities taking place in the bank. Bank management can get immediate and detailed updates on things such as follow-up to a recent exam or mitigation completion from the most recent penetration test.
BSA Risk Assessment:
The BSA Risk Assessment module allows banks to analyze their various loan types by the eleven risk areas identified by FinCen.
Audit:
Audit allows internal auditors to audit internal security controls in a risk-based and FFIEC-based approach. TRAC Audit automates the manual audit tasks of scoping, generating work papers, and creating reports.
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
in financial institution
Financial institution
In financial economics, a financial institution is an institution that provides financial services for its clients or members. Probably the most important financial service provided by financial institutions is acting as financial intermediaries...
s across the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
. Secure Banking Solutions was formed by the National Center for Information Security at Dakota State University
Dakota State University
Dakota State University is a public university located in Madison, South Dakota. The university has a technology centric focus with programs in computer and information science, business, education, physical sciences, among other graduate and undergraduate programs...
by Dr. Kevin Streff. The company works closely with The Center for Information Assurance in Banking and Finance at Dakota State University, which (as of 2007) is the only center in the country dedicated to banking information security; their services help community banks
Community banks
A community bank is a depository institution that is typically locally owned and operated. Community banks tend to focus on the needs of the businesses and families where the bank holds branches and offices. Lending decisions are made by people who understand the local needs of families,...
comply with Financial regulation
Financial regulation
Financial regulation is a form of regulation or supervision, which subjects financial institutions to certain requirements, restrictions and guidelines, aiming to maintain the integrity of the financial system...
. Secure Banking Solutions offers a variety of services in addition to TRAC
TRAC (Information Technology Suite)
TRAC is an automated risk management tool created by Secure Banking Solutions. TRAC also automates policy creation and helps companies comply with a number of laws and regulations enforced by Regulators...
, a product suite created for community banks in America.
History
Secure Banking Solutions was formed in 2004 by the National Center for Information Security at Dakota State University. At the time it had only 4 employees including Dr. Kevin Streff, the founder and owner of the company.Consumer Base
Secure Banking Solutions currently works with over 300 Banks in America, one third of which use TRACTRAC (Information Technology Suite)
TRAC is an automated risk management tool created by Secure Banking Solutions. TRAC also automates policy creation and helps companies comply with a number of laws and regulations enforced by Regulators...
, its automated software tool. Based out of Madison, South Dakota
Madison, South Dakota
Madison is a city in Lake County, South Dakota, United States. The population was 6,474 at the 2010 census. It is the county seat of Lake County and is home to Dakota State University.-Geography:Madison is located at ....
, the company combines federal grant funding with the resources of Dakota State University to provide community banks with resources to help Banks become more secure.
Partners
Secure Banking Solutions is listed as a vendor at the following associations:- South Dakota Bankers Association
- Independent Community Bankers of South Dakota
- North Dakota Bankers Association
- Nebraska Bankers Association
- Community Bankers of Iowa
- Community Bankers of Wisconsin
- Wyoming Bankers Association
- Minnesota Bankers Association
- Pennsylvania Association of Community Bankers
- Virginia Association of Community Banks
Services
Auditing Services:Information Technology (IT) Audit:
SBS performs risk-based information technology audits that review the IT policies and procedures at banks for compliance and adequacy. SBS takes a similar approach to their audit as examiners do by using a top-down approach.
Penetration Test:
SBS simulates real-world at-tacks on banks external facing networks using a large suite of commercial and open-source tools. SBS penetration testers have been trained in the Dakota State University ethical hacker lab.
Vulnerability Assessment:
SBS performs this on-site test to help banks determine what their security weaknesses are from inside the network. SBS has developed an industry leading reporting tool to en-sure banks can fully understand the results.
Social Engineering Test:
SBS attempts to get access to sensitive information in a non-technical way. Various techniques used to get this information are phone impersonation and dumpster diving.
BSA Audit:
SBS will perform a BSA Audit which reviews your existing program to determine compliance. SBS will produce the necessary documentation to demonstrate compliance to the regulators.
Emergency Preparedness Plan Test:
SBS can perform a test of the different components of your emergency preparedness including business continuity, incident response, etc. This can be done as a table-top exercise or in a simulated event format.
Information Security Services:
Business Continuity Planning:
SBS assists banks in creating business continuity plans which meet regulatory requirements and the needs of each bank in order to allow the bank to resume operations quickly in the event of an emergency.
Incident Response Planning:
SBS can create a customized incident response plan with the supporting documents to help an institution mitigate the negative effects of a security breach and demonstrate to examiners the bank is equipped to handle such an event.
Policy & Procedure Development:
Banks need many different IT security policies and procedures such as acceptable use, personnel security, etc. SBS can take the lead in determining and developing the policies and procedures a bank needs.
Security Awareness Training:
SBS can provide training to all employees of a bank on the importance of information security and how they can help protect the bank’s sensitive information.
Identity Theft Red Flags:
As per regulatory guidance, banks are required to develop an Identity Theft Red Flags program. SBS can help banks in complying with this regulation by creating the program and required documentation.
Regulatory Crisis Management:
After a sub-standard examination from various regulatory agencies, banks can find themselves with a long list of deficiencies to be corrected in a short period of time. SBS can lead this crisis management for the bank and en-sure each deficiency is corrected.
Pandemic Preparedness:
SBS has developed a Pandemic Preparedness Toolkit which allows banks to efficiently create an effective pandemic preparedness plan. This toolkit includes a policy template as well as various work-papers, training videos, and other items needed to demonstrate to examiners the bank is prepared for a pandemic.
Service Packages:
Audit Bundle:
A complete IT Audit reviews three separate areas of information security: People, Process, and Technology.
All of these areas can be audited by completing an:
IT Audit
Penetration Test
Vulnerability Assessment
Social Engineering Test
SBS has bundled these services into a comprehensive and cost-effective solution for banks.
Maintenance Services:
The SBS Maintenance package includes nearly all of the services and products. SBS creates an annual schedule and plan of how and when each service and project is to be completed. Banks use this package to gain the security expertise needed to have successful IT examinations and promote good security, all at a low monthly cost.
Hourly Consulting:
Many banks need help occasionally to complete various information security tasks. SBS commonly enters into agreements with banks where they are available to the bank for an hourly fee. There is no minimum number of hours needed to retain SBS services, but it is nice for many banks to have a security expert just a phone call away.
TRAC:
Information Risk Assessment:
TRAC Risk Assessment allows banks to quickly and thoroughly assess the risk associated with all the information assets in the bank. It can help the bank determine where to spend their security budget. It has also passed scrutiny of FDIC, FRB, OCC, OTS, and NCUA.
Information Security Program:
This module allows banks to answer questions regarding how their bank handles information security. With the answers to these questions, TRAC can produce an effective Information Security Program.
Third Party Management (3PM):
With third party management being a hot-button for IT regulators as of late, this module will allow your bank to adequately and consistently select and manage your vendor relationships.
Action Tracking:
This unique module allows banks to manage all of the various information security activities taking place in the bank. Bank management can get immediate and detailed updates on things such as follow-up to a recent exam or mitigation completion from the most recent penetration test.
BSA Risk Assessment:
The BSA Risk Assessment module allows banks to analyze their various loan types by the eleven risk areas identified by FinCen.
Audit:
Audit allows internal auditors to audit internal security controls in a risk-based and FFIEC-based approach. TRAC Audit automates the manual audit tasks of scoping, generating work papers, and creating reports.
External links
- Secure Banking Solutions (protectmybank.com)
- www.tracadvantage.com