District Circular Letters
December 23, 1997
BANKING SUPERVISION AND REGULATION:
INFORMATION SECURITY FOR NETWORKS
To Bank Holding Companies, State Member Banks,
U.S. Branches and Agencies of Foreign Banks,
Edge Corporations and Others Concerned
in the Twelfth Federal Reserve District
Guidance Regarding Sound Practices for Information Security
for Networks
The attached letter from the Federal Reserve Board's Division of Banking
Supervision and Regulation and the accompanying paper, prepared by supervision
staff of the Federal Reserve Bank of New York, contain important information
about sound information security practices that institutions may use to
address risks associated with computer networks. A version of this paper
was distributed at a security conference sponsored by the Federal Reserve
Bank of New York on September 24, 1997. Presentation materials from the
conference are available at the Federal Reserve Bank of New York's web
site (www.ny.frb.org/pihome/news/speeches).
The guidance presented in the paper does not constitute a regulation
and should not be interpreted as such. However, the paper outlines the
types of prudent and effective measures that financial services institutions
have implemented, are in the process of implementing, or plan to implement
to protect information and ensure its integrity, availability, and confidentiality.
In this connection, the paper may provide insights and assistance in designing
an effective information security program and secure automation systems.
We suggest that the letter and the paper be distributed within your
organization to senior management and others with responsibility for network
security.
For Additional Information
For additional information regarding these matters, please contact our
Banking Supervision and Regulation Department, at (415) 974-2286, or the
contacts identified in the Board's letter.
Attachments
FEDERAL RESERVE BANK OF SAN FRANCISCO
|
