Prevention measures include sound security policies, well-designed system
architecture, properly configured firewalls, and strong authentication programs. Two
prevention measures are vulnerability assessment tools and penetration analyses.
Vulnerability assessment tools generally involve running scans on a system to proactively
detect known vulnerabilities such as security flaws and bugs in software and hardware.
These tools can also detect holes allowing unauthorized access to a network, or
insiders to misuse the system. Penetration analysis involves an independent party
(internal or external) testing an institutions information system security to
identify (and possibly exploit) vulnerabilities in the system and surrounding processes.
Using vulnerability assessment tools and performing regular penetration analyses
will assist an institution in determining what security weaknesses exist in the bank's
What the regulators have to say about Prevention.