Booklet: Operations
Section: Risk Mitigation and Control Implementation
Subsection: Information Distribution and Transmission
OUTPUT
System output—whether in electronic form or hard copy reports—can
contain sensitive or confidential information. Unnecessary output increases
operating expense and reduces the efficiency of IT operations. Management
should analyze output and implement necessary controls to limit the production
of unnecessary confidential data output. Automated report management software
and similar tools can facilitate the implementation of output controls.
Management should also develop specific physical and logistical procedures
for hardcopy and electronic report distribution to ensure a secure environment,
including assessing the use of locked containers, limited access mailboxes,
or secure communications. There should also be appropriate controls and
procedures to ensure the proper disposal or destruction of output, whether in
hardcopy or electronic format. For example, hardcopy output should be
shredded to a level that prevents reconstruction of information.
TRANSMISSION
Transmission controls should address both physical and logical risks.
In large, complex institutions, management should consider segregating
WAN and LAN segments with firewalls that restrict access as well as the
content of inbound and outbound traffic. Management should also consider
using encryption technology—including basic encryption as well as
the use of digital certificates and public key infrastructure—to
secure data transmissions. Refer to the IT Handbook’s “Information
Security Booklet” for additional discussion of encryption and other
security technology.
Telecommunications technology typically incorporates message content and
completion validation. Network management should continuously monitor
telecommunications traffic for problems involving high rates of lost packets,
interference that degrades connectivity, capacity problems that reduce
throughput, or other anomalies. In addition, administrators should periodically
review network devices to identify any that are operating in promiscuous
mode and acting as packet “sniffers” for network traffic.
Management should implement strong access controls to secure telecommunication
equipment. Telecommunications closets should be locked and carry no specific
identification to provide an additional measure of security. Changes to
telecommunications equipment and equipment settings or configuration should
follow enterprise change control standards including approval, testing,
and migration to production. An institution should authenticate and approve
any remote access to telecommunication equipment. Identification, authorization,
and authentication to access telecommunications systems should follow
enterprise standards including approval and documentation of exceptions.
Voice communication is essential to many functions of an institution.
The business continuity plan should include telecommunication resources.
Loss of telecommunications can have a material impact on the ability of
an institution to function, exposing it to legal, reputation, and financial
risks. Therefore, institutions need to have resiliency and redundancy
in their telecommunications architecture. Where available, planning should
ensure access to a diversity of suppliers. Management should consider
implementing route diversity to ensure data can travel along an alternate
route if its primary path is blocked. Management can also improve diversity
by connecting IT operations to multiple telephone company central offices.
An institution should thoroughly test in-house and outsourced telecommunications
recovery processes. It should also implement physical security for telecommunications
equipment at any alternate operations site(s) similar to that of the primary
data center.
Management should monitor the financial health of its telecommunications
providers. To ensure continuity of service, there should be at least one
back-up vendor in the event the primary provider cannot deliver the required
service. Large, complex operations centers and those critical to payment
systems should have multiple primary and secondary providers for bandwidth
and security purposes.
Along with diversity, building redundancy into telecommunications networks
enhances resiliency. An institution should avoid exposure to single points
of failure. Establishing multiple network entry points into the operations
center and connecting them to redundant infrastructure strengthens a network’s
survivability.
Outsourced back-up facilities should meet all institution requirements.
All telecommunications equipment housed in recovery facilities should
follow institution standards for security, availability, and change control.
Management should test back-up telecommunications functions during business
continuity plan testing. Management should also document test results
and ensure appropriate changes are made to the business continuity plan.
Contracts with recovery facilities should specify which party is responsible
for telecommunications. They should also ensure telecommunications controls
meet the institution’s enterprise standards.
Institutions should be aware of the priority level of recovery services
contracted from their providers.
Having a sound relationship with a telecommunications provider can greatly
facilitate recovery after a business interruption.
Institutions that choose to outsource the management of their telecommunications
networks to third party providers should receive reports from the vendor
on performance, capacity, availability, and other key metrics.
Refer to the IT Handbook’s “Business Continuity Planning
Booklet” and “Outsourcing Technology Services Booklet”
for additional discussion on these topics.