TRAC (Information Technology Suite)
TRAC is an automated risk management tool created by Secure Banking Solutions. TRAC also automates policy creation and helps companies comply with a number of laws and regulations enforced by regulators. The tool was created with small to mid-sized banks in mind, with an aim to simplify complex processes that all banks must perform.

TRAC simplifies and speeds up the process of creating adequate risk assessments for both IT assets and IT activities; it also helps banks ensure that they comply with the Bank Secrecy Act. TRAC also contains modules for managing and selecting third-party vendors, generating and storing adequate policy, and tracking recommendations generated by the program, the consultants at Secure Banking Solutions, or the users themselves.

Modules

TRAC modules are added and updated regularly. Each module provides a different service and outputs a variety of reports, which reduces the need to contract the services of an IT consultant.

Information Technology

The Information Technology module allows the user to perform a risk assessment on the bank's IT assets. Assets are ranked by importance based on their protection profile, which is based on the asset's confidentiality, availability, integrity, and volume. Threats are tied to each asset and ranked by impact and probability. Controls are then identified to mitigate risk on the particular asset. The end goal is to calculate the residual risk of the asset and to produce a Risk Management Plan.

Information Security

The Information Security module allows the user to perform an organizational risk assessment to rank each process available at the bank. The module also allows for policy creation using a number of different templates and allows for custom policy statements. Policies can be stored, approved, and downloaded at any time. Examples of policies include: Information Security Policy, Acceptable Use Policy, Pandemic Preparedness Policy, Risk Management Policy, etc.

Third Party Management

The Third Party Management module allows banks to keep track of all their vendors in one place. Generic vendor information can be stored, vendor contacts can be added, due diligence can be performed, and contract reviews can be performed. If used in conjunction with the Information Technology module, IT vendors can be tied to their respective asset to show the amount of risk related to each vendor.

Action Tracking

The Action Tracking module allows banks to set up plans and track the process of each. Many plans are generated from other modules, and plans can also be generated based on the consultant recommendations of Secure Banking Solutions. Tasks can also be tracked within the tool, each with due dates and reminders.

Bank Secrecy Act

The Bank Secrecy Act (BSA) module allows banks to rate their compliance with the Bank Secrecy Act.

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 