Voice Over Internet Protocol (VoIP) Security Risk Guidance

The ability to utilize data networks for more than internet is making its way into many financial institutions, enterprise businesses, and government agencies nationwide. Covetrix security consultants are eagerly waiting to assist your organization with the process!

The benefits of Voice Over Internet Protocol (VoIP), lower cost and increased functionality, may complicate the Risk Assessment Process. Establishing a secure VoIP and data network is a complex process that requires great effort and expertise from knowledgeable security consultants.

The Federal Deposit Insurance Corporation (FDIC) is providing guidance to financial institutions on the security risks associated with implementing VoIP. The same risks that can harm or infect Internet data networks can interfere with VoIP and cause significant operational risks to financial institutions. Exposure to viruses, worms, Trojans, and hijacking are risks that must be addressed to eliminate the possibility of privacy loss.

When an organization decides to invest in VoIP technology, the associated risks should be evaluated as part of their periodic risk assessment and discussed in status reports submitted to the board of directors. Implementation of VoIP is much more complex than utilizing data-only networks.

The National Institute of Standards and Technology (NIST) published information security standards for financial institutions to implement in conjunction with their Voice over internet protocol. For a complete list of VoIP recommendations and FDIC standards, access the complete Financial Institution Letter at FIL-69-2005.

For the complete FIL go to http://www.covetrix.com/security/portal/updates/VoIP.jsp