The Gramm-Leach-Bliley Act (GLBA) of 1999 first established a requirement to protect consumer financial information. Financial services regulations on information security, initiated by the GLBA, require financial institutions in the United States to create an information security program to:
- Ensure the security and confidentiality of customer information
- Protect against any anticipated threats or hazards to the security or integrity of such information; and
- Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
The Federal Financial Institutions Examination Council (FFIEC) supports this mission by providing extensive, evolving guidelines for compliance. The FFIEC is charged with providing specific guidelines for evaluating institutions for compliance with GLBA, among other things. Enforcement falls to five agencies: the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). In collaboration, these agencies have developed a series of topical handbooks that provide guidance, address significant technology changes and incorporate a risk-based approach for IT practices in the financial industry.
Cautela Labs provides a number of services that help financial organizations comply with GLBA & FFIEC and associated reporting:
- Security Assessment to identify gaps in the current security posture of the environment
- Log Management and Threat Management identification of internal and external risks that face the enterprise
- Vulnerability Assessment Scanning of the physical and application environment to validate and tighten your security posture
- Data Loss Prevention identifies critical data, location and assists in preventing its outflow
- Network Access Control safeguards your perimeter and enhances endpoint security
- Managed Security Services to reduce time and cost of monitoring and testing
- Web application firewalls and penetration testing ensure a tightened perimeter.
