Pub. 19 2024-2025 Issue 1

9. Segregation of Information Security from Information Technology Once a financial institution reaches $750 million in assets, the regulatory and external audit scrutiny will increase surrounding the segregation of roles associated with information security and information technology. The information security officer should be independent of IT operations staff and should not report to IT operations management. 10. New/Updated Policies The following policies should be documented within an information security program, and some have become formal recommendations by examiners and regulators within the last 12 months: • End-of-Life (EOL) Policy • Imaging Policy • ATM/Debit Card Management Policy • Instant Issue Policy • Internet Banking Policy These enhancements aim to bolster the institution’s security posture, ensuring comprehensive coverage of physical and digital security aspects in alignment with evolving regulatory standards and cyber threat landscapes. 19 NEBRASKA BANKER

RkJQdWJsaXNoZXIy MTg3NDExNQ==