An Overview of "Gramm-Leach-Bliley Act"
The Gramm-Leach-Bliley Act (GLBA), signed into law by President Clinton, has drastically changed the way financial institutions conduct business. With this law, many responsibilities have been placed upon the institutions to protect the customers’ nonpublic personal information. Along with this law, many guidelines have also been published in order to ensure the institutions adhere to the intent of the Act. With the wealth of information available today, implementing a good security program that complies with the guidelines set by the Department of the Treasury should be straightforward.
By Russell Barnes, 08/20/2004
|
|
The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security
The G-L-B act, signed into law by President Clinton on November 12, 1999, is a sweeping piece of legislation containing 7 titles and 740 sections. It affects all financial institutions in areas from fair treatment of women by financial advisors, to the rescission of Glass-Steagall. But the section that is currently getting the most attention is Title V, section 502, entitled "Obligations with respect to disclosures of personal information." Almost everyone has by now received a notice from a bank, brokerage firm or insurance company explaining its position on privacy as it relates to their personal information. Most people will probably give the notice only a passing glance, and throw it away. I would advise you to read it carefully, though. The law provides that most larger financial institutions make an "opt-out" provision available. Often, in order to opt out of information sharing you must either sign and return something, or call them.
04/03/2004
|
|
Gramm-Leach-Bliley Act Title V Complexities and Compliancy for the Community Banking Sector
Today's small banks are faced with even more daunting tasks in an effort to remain compliant and profitable. With the passage of the Gramm-Leach-Bliley Act of 1999, small community banks are being forced to review their security posture, which historically has tended to be limited in scope and effectiveness. This report will focus on the requirements that are mandated in the legislation as well as the interpretation by federal regulatory agencies such as the FDIC and OCC. We will then discuss what actions community banks can take today to obtain compliance as well as addressing the potential impact on current pending legislation. Even though the effective date for compliance has passed, there are still banks in the market today that have not yet completed the minimum set of requirements and are grappling with how to quickly and effectively satisfy the requirements.
04/03/2004
|
|
Conducting an electronic information risk assessment for Gramm-Leach-Bliley Act compliance
To obtain compliance with the new GLBA privacy regulations, financial institutions need to identify vulnerabilities in electronic systems, assess likelihood and impact of threats, and assess sufficiency of controls to mitigate those risks. In response to these new regulations, I developed a process for conducting an electronic risk assessment in accordance with GLBA, and used it to conduct a risk assessment for Johnson Financial Group. The process involves listing each technology and vendor service and categorizing these systems based on the data they process or store. Threats and vulnerabilities are listed for each technology, and then controls are specified for each vulnerability. Controls are categorized, and definitions for control adequacy and residual risk are developed and applied to each technology. Output includes a report showing vulnerabilities, controls, and a risk rating for each technology, a report showing which vulnerabilities have insufficient controls, and others.
03/24/2004
|