Security Assessment Guidelines for Financial Institutions
Abstract

This paper discusses the five information security assessment processes identified by the Federal Financial Institutions Examination Council (FFIEC) [1] and other financial regulators as core components of a financial institution's information security program, particularly in fulfilling the Gramm-Leach-Bliley Act (GLBA) and relevant to other, similar requirements:

- identify the risks that may threaten customer information (and the earnings and capital capabilities of the institution);
- develop a written plan containing policies and procedures to manage and control these risks;
- implement security controls;
- test the security to assure that significant controls are effective and performing as intended;
- monitor and update: "Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security." [2]