FORTNER, BAYENS, LEVKULICH & GARRISON, P.C.
Certified Public Accountants

Why is Computer Inheritance Important to my Bank?

By: Tyler T. Tobin, GSEC/GIAC
Date: 2/18/10

Banks are concerned with knowledge transfer when an employee leaves a particular position or is transferred to a different role within the bank. Many times, computing devices and the data are left intact as a training tool and knowledge base for the next employee. 

As we evaluate a client’s internal security posture, one area of concern is how computing devices are restored to a controlled baseline. If these devices are not set or configured to a known status, a number of threats may impact the confidentiality, integrity and availability (CIA) of information. These threats include:

  • Integrity: Users may or may not be accountable for certain actions because their electronic devices are not restored to a specified control point. Taking corrective action based on an employee's computing activity (termination or formal reprimand) may be difficult because the environment is not clearly understood. The previous employee's computing activities may be misinterpreted, placing guilt on the new employee.
  • Confidentiality: Residual information may be inadvertently disclosed if this issue is not addressed. Computing roles, groups, shares and other security controls may be overlooked to ensure that knowledge transfer can be completed.
  • Availability: A disgruntled employee may take advantage of this situation, which may be a real risk to the availability of customer data.


As you can see, restoring computing devices to a controlled baseline is not only beneficial but also a key component of your internal security posture. Risks are reduced, and management's ability to make sound decisions based on computing activity is greatly enhanced. In the event that an employee inadvertently installs malicious code, baselining the environment when they exit your employment may reduce this risk or completely mitigate it.

So, during your next IT exam, insist that your computer inheritance program and procedures are included in the scope of the assessment. Understanding these vulnerabilities can prevent them from being your bank's Achilles' heel.