The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security
The G-L-B Act, signed into law by President Clinton on November 12, 1999, is a sweeping piece of legislation affecting all financial institutions in areas from fair treatment of women by financial advisors to the rescission of Glass-Steagall.1 But the section that is getting the most attention is Title V, section 502, entitled 'Obligations with respect to disclosures of personal information.' Most everyone has received a notice from your bank, brokerage firm, or insurance company explaining their position on privacy as it relates to your personal information. I would advise you to read it carefully. The law provides that larger financial institutions allow for an 'opt-out' provision to be made available. If you do not opt out using one of the prescribed methods, they can use your private information in any way they see fit. Financial institutions are scrambling to implement the specific provisions of section 502 by July 1, 2001, but in my opinion they are missing the mark. The focus of this paper is on a lesser-known but potentially more problematic section: Title V, section 501, 'Protection of nonpublic personal information'. This section mandates that financial institutions implement 'administrative, technical, and physical safeguards' for customer records and information.
5 Jun 2001
