Information Systems - Network Security Guidelines - NCUA

GuidanceNational Credit Union Administration (NCUA)Risk Management

Rapidly evolving technologies continue to provide efficient, cost effective methods for providing fast delivery of a wide range of member services. Accompanying the opportunities to deliver cost effective services is growing exposure of technology resources to misuse and theft, which can result in loss of member confidence. Intrusion and abuse of technology is growing at an escalating rate. Intrusions, as noted in the chart below, reflect an increasing average rate of approximately 300 percent annually. The data was provided by Computer Emergency Response Team/Coordinating Committee (CERT/CC).

The CERT/CC1is a government sponsored organization operated by the Carnegie Mellon Software Engineering Institute. Part of its mission is to track vulnerabilities in computer systems and recommend methods to improve computer security. Incidents are voluntarily reported and include:

1. Attempts to gain unauthorized access to a system or its data;
2. Unwanted disruption or denial of service;
3. Unauthorized use of a system for the processing or storage of data; and
4. Changes to system hardware, firmware, or software without the owners’ knowledge, instruction, or consent.

> Read entire regulation (log in required - registration is free)