CUInfoSecurity.com - Information Security News, Regulations, & Education

Agencies

These are the government regulatory bodies that guide and govern the behavior of banks, credit unions and other U.S. financial institutions.

FDIC - The FDIC insures deposits at the nation's 8,615 banks and savings associations and it promotes the safety and soundness of these institutions by identifying, monitoring and addressing risks to which they are exposed. www.fdic.gov
FFIEC - The Federal Financial Institutions Examination Council is a formal interagency body empowered to prescribe uniform principles, standards and report forms for the federal examination of financial institutions, and to make recommendations to promote uniformity in the supervision of financial institutions. www.ffiec.gov
FinCEN - The Financial Crimes Enforcement Network (FinCEN) is a network, a means of bringing people and information together to fight the complex problem of money laundering. Through cooperation and partnerships, FinCEN's network approach encourages cost-effective and efficient measures to combat money laundering domestically and internationally. www.fincen.gov
FRB - The Federal Reserve System is the central bank of the United States. The Federal Reserve’s duties fall into four general areas: conducting the nation’s monetary policy; supervising and regulating banking institutions; maintaining the stability of the financial system; and providing financial services to depository institutions, the U.S. government, and foreign official institutions. www.federalreserve.gov
FTC - The Federal Trade Commission is directed to administer a wide variety of consumer protection laws, including the Telemarketing Sales Rule, the Pay-Per-Call Rule and the Equal Credit Opportunity Act. The FTC’s work is performed by the Bureaus of Consumer Protection, Competition and Economics. www.ftc.gov
GAO - The U.S. Government Accountability Office (GAO) is known as "the investigative arm of Congress" and "the congressional watchdog." GAO supports the Congress in meeting its constitutional responsibilities and helps improve the performance and ensure the accountability of the federal government for the benefit of the American people. www.gao.gov
NCUA - The National Credit Union Administration (NCUA) is the federal agency that charters and supervises federal credit unions and insures savings in federal and most state-chartered credit unions across the country through the National Credit Union Share Insurance Fund (NCUSIF), a federal fund backed by the full faith and credit of the United States government. www.ncua.gov
NIST - The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. www.nist.gov
OCC - The Office of the Comptroller of the Currency (OCC) charters, regulates, and supervises all national banks. It also supervises the federal branches and agencies of foreign banks. Headquartered in Washington, D.C., the OCC has four district offices plus an office in London to supervise the international activities of national banks. www.occ.gov
OTS - The Office of Thrift Supervision (OTS) is the primary federal regulator of federally-chartered and state-chartered savings associations, their subsidiaries, and their registered savings and loan holding companies. www.ots.gov

Anti-Money Laundering

Money laundering is the criminal practice of filtering "dirty" money through a series of transactions, so the funds are "cleaned" to look like proceeds from legal activities. The Currency and Foreign Transactions Reporting Act, also known as the Bank Secrecy Act (BSA), and its implementing regulation, 31 CFR 103, is a tool the U.S. government uses to fight drug trafficking, money laundering and other crimes.

Business Continuity & Disaster Recovery

Business Continuity/Disaster Recovery refers to an organization's strategies to prepare for and survive disruptive events such as natural disasters (hurricanes, earthquakes), man-made disasters (hacks, terrorist attacks) and pandemic disasters (e.g. influenza).

Pandemic Preparation - A pandemic is often defined as an epidemic or outbreak in humans of infectious diseases that has the ability to proliferate rapidly throughout a widespread geographical area. Unlike natural, human-caused or technological disasters, which have limited life spans, pandemics are predicted to affect a significant geographical area in cycles for up to eighteen (18) months -- and affect the health of more than 40% of the area's population. Starting in 2008, regulatory agencies have insisted that institutions address pandemic preparation explicitly in their business continuity plans.

Compliance

This page collects news, information and insights on key U.S. regulatory issues that influence financial institutions.

Basel II - Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by Europe's Basel Committee on Banking Supervision. Basel II is meant to create an international standard for banking regulators to use when creating regulations regarding the capital necessary to guard against financial and operational risks.
BSA - The Currency and Foreign Transactions Reporting Act, also known as the Bank Secrecy Act (BSA), and its implementing regulation, 31 CFR 103, is a tool the U.S. government uses to fight drug trafficking, money laundering, and other crimes. The Office of the Comptroller of the Currency monitors national bank compliance with the BSA.
CA Bill 1386 - The State of California in 2002 enacted Senate Bill 1386 (SB 1386), requiring state agencies and others who conduct business through computerized collection of personal information to immediately disclose any breach of data security to any California resident whose personal information may have been compromised.
E-SIGN Act - Congress in 2000 enacted the Electronic Signatures in Global and National Commerce Act ("ESIGN" or "the Act") to facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically.
FACTA - The Fair and Accurate Credit Transactions Act of 2003 (FACT Act or FACTA, Pub.L. 108-159) was passed by Congress as an amendment to the Fair Credit Reporting Act. The law contains provisions to help reduce identity theft and fraudulent applications for credit.
GISRA - The Government Information Security Reform Act (GISRA), Public Law 106-398, requires Inspectors General (IG) to perform independent evaluations to assess compliance with GISRA and agency security policies and procedures, and test effectiveness of information security control techniques for a subset of the agency’s information systems.
GLBA - The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLBA, includes provisions to protect consumers’ personal financial information held by financial institutions. GLBA repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies. Historically, the combined industry has been known as the financial services industry.
Guidance - Recommendations from regulatory agencies on how to improve compliance with major regulations such as BSA and GLBA. Agencies frequently update their guidelines and processes, issuing these updates under the umbrella of "guidance."
Identity Theft Red Flags Rule - Under these new rules, which took effect Jan. 1, 2008, each financial institution's Identity Theft Prevention Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft. The program must enable the financial institution to identify relevant patterns, practices and specific forms of activity that are 'red flags' signaling possible identity theft, and to incorporate those red flags into the institution's program. Compliance deadline: Nov. 1, 2008.
NCUA Part 748 - Appendix A of Part 748 of NCUA’s Rules and Regulations, calls for credit unions to identify internal and external threats that could result in unauthorized disclosure, misuse, alteration or destruction of member information or member information systems, as well as assess the potential of these threats.
Patriot Act - The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Public Law 107-56), known as the USA PATRIOT Act, was signed into law in 2001. The law expands the authority of U.S. law enforcement agencies to fight terrorism.
PCI - Payment Card Industry (PCI) Compliance is a set of security standards created by the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) to protect their customers from increasing identity theft and security breaches.
SOX - The Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, 116 Stat. 745), also known as the Public Company Accounting Reform and Investor Protection Act of 2002, was signed into law in 2002 in response to several well-publicized corporate scandals. SOX establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms.

Emerging Technology

The latest/greatest tools and techniques for ensuring information security.

Application Security - Banks rely on applications to ensure accurate, timely and confidential processing of data. Vulnerabilities, particularly those associated with Web-based applications, are increasingly the focus of attacks from external and internal sources for the purposes of committing identity theft and other types of fraud.
Authentication - Ensuring that systems are accessed only by the properly-authorized individuals. In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in.
Data Loss - Tools to prevent loss of critical data in an information systems disaster, whether man-made, natural or pandemic. Data loss may be intentional (an attack) or unintentional (e.g. an accident).
Encryption - Encryption is the process of obscuring information to make it unreadable without special knowledge. In the mid-1970s, strong encryption emerged from the sole preserve of secretive government agencies into the public domain, and is now used in protecting widely-used systems, such as Internet e-commerce, mobile telephone networks and bank automatic teller machines.
GRC - Governance, Risk and Compliance platforms help institutions get a handle on compliance with the myriad of corporate and government regulations. Faced with endless mandates and new regulations, financial institutions increasingly turn to automated GRC platforms to help them manage the load.
ID Access & Management - Tools to ensure that systems and networks are open only to the right people at the right times. Automated systems are programmed to extend – and withdraw – access to the proper employees, contractors and customers.
Messaging - Email, IM, text-messaging and other forms of electronic communications. Increasingly, these are the historic record of business, and as such they are highly vulnerable to attack.
Mobile Banking - Tools to enable the processes and protections that drive Internet and remote banking. Mobile banking activities include performing balance checks, account transactions, payments etc. via a mobile device such as a cell phone or PC.
Network/Perimeter - The critical information system – physical and virtual – upon which individuals depend to conduct daily business. The perimeter is the boundary between the private and locally managed-and-owned side of a network and the public and usually provider-managed side of a network.
Remote Capture - Remote Deposit Capture allows a user to scan checks and transmit the images to a bank for posting and clearing. “Check 21” legislation makes Remote Capture possible, allowing banks to clear checks based upon images of the original items, instead of the traditional practice of having to transport the original check to the paying bank for clearance.
SIM/SEM - Security Information Management/Security Event Management tools help prevent potentially catastrophic attacks upon critical information systems. These tools aggregate data from multiple products into one central location, correlate events, and allow analysts to review this data.
Storage - Systems to store and preserve critical business information, i.e. memory, components, devices and media that retain digital computer data used in business. Regulatory requirements increasingly mandate types and terms of storage.
Web Security - The web is the system of interlinked, hypertext documents accessed via the Internet. With a web browser, users view web pages that may contain text, images, videos and other multimedia, and navigate between them using hyperlinks. Critical to conducting business, the web is equally critical to secure for correspondence and transactions.

Fraud

Bank Fraud is commonly known as a "crime of persuasion," involving efforts to knowingly execute, or attempt to execute, a plan to defraud a financial institution, or to obtain property controlled by a financial institution, by means of false or fraudulent pretenses. Check fraud, phishing and other identity theft attempts all fall under this broad category.

Debit Card Fraud - Debit card fraud is one of the most prevalent security threats against banking institutions and customers alike. Private information is relatively easy to steal, and consumers face greater liability for debit card loss than they do for credit card fraud.

Governance and Standards

Common processes and industry standards.

BITS - BITS is a non-profit industry consortium whose members are 100 of the largest financial institutions in the United States. BITS fosters the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers. www.bitsinfo.org.
Cobit - An IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. www.isaca.org
COSO - The Committee of Sponsoring Organizations of the Treadway Commission is a voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. www.coso.org
FFIEC Handbook - The FFIEC Information Technology (IT) Examination Handbook (Handbook) comprises 12 booklets, each on a different topic, e.g. Business Continuity Planning, Management and Operations. www.ffiec.gov
ISO - The International Organization for Standardization is a network of the national standards institutes of some 157 countries, with a central office in Geneva, Switzerland, that coordinates the system and publishes the finished standards regulating business, government and society. www.iso.org
ITGI - The nonprofit, independent IT Governance Institute (ITGI) was established by ISACA in 1998 in recognition of the crucial role of information technology in the success of an enterprise. ITGI developed COBIT. www.itgi.org.
ITIL - The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing IT infrastructure, development, and operations. www.itil-officialsite.com
PCAOB - The Public Company Accounting Oversight Board is a private-sector, non-profit group created by the Sarbanes-Oxley Act of 2002 to oversee the auditors of public companies. www.pcaob.org

Identity Theft

Identity theft occurs when someone uses personally identifying information -- name, Social Security number, or credit card number -- without express permission, to commit fraud or other crimes.

Pharming - Pharming is an attack aimed to fool unsuspecting users by redirecting a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
Phishing - Phishing is an attempt to fraudulently acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity (a bank or online commerce site) in an electronic communication, e.g. an email or text message.
Skimming - Skimming is a hi-tech method of credit card fraud by which thieves capture personal information from credit cards, drivers’ licenses, or even passports via an electronic device called a “skimmer,” which reads information encoded on the cards’ magnetic stripes.

Leadership Management

Techniques and tips for growing your expertise as a security executive.

Physical Security

Physical information security is concerned with protecting data and means to access that data (apart from protecting it electronically). Physical attacks to acquire sensitive information do frequently occur. Sometimes these attacks are considered a type of social engineering.

Biometrics - In security, biometrics refers to use of technology to recognize and authenticate specific human characteristics, including fingerprints and retinal scans. It is an emerging technology in physical security today.

Risk Management

Risk Management is the process of measuring or assessing risk and developing strategies to manage it. Strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.

HR - Human Resource issues such as hiring, termination and background checks relative to risk management.
Incident Response - The formal reaction to a security breach, i.e. a physical or electronic hack. Includes forensics, eDiscovery and other tactics necessary in the wake of a security breach.
Information Security Compliance - Policies and procedures that enable compliance with government, industry and corporate information security standards.
Insider Threat - The risk that current, former or contract employees of an organization might intentionally abuse an authorized level of system access such that it compromises the organization's data, daily business operations, or system security.
IT Audit - The process of collecting and evaluating evidence of an Information Technology organization’s assets, practices and operations to ensure policy/regulatory compliance. These reviews may be performed in conjunction with a financial statement audit, internal audit or other form of engagement.
Privacy - The protection of personal or classified data contained within a business information system.
Risk Assessment - Risk assessment is a step in the risk management process. It measures the two quantities that make up the risk R: the magnitude of the potential loss L, and the probability P that the loss will occur. Risk assessment may be the most important step in the risk management process, and may also be the most difficult and prone to error.
Social Engineering - Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most (but not all) cases the attacker never comes face-to-face with the victim.
Vendor Management - Ensuring that third-party service providers adhere to the same information security standards by which your institution abides.

Training & Education

Features for enhancing your own information security education, as well as for improving awareness among employees and customers.


Copyright © 2008 CUInfoSecurity.com