Security Assessment Guidelines for Financial Institutions
This paper discusses the five information security assessment processes identified by the Federal Financial Institutions Examination Council (FFIEC)1 and other financial regulators as core components of a financial institution's information security program, especially in fulfilling the Gramm-Leach-Bliley Act (GLBA) and other, similar requirements: identify the risks that may threaten customer information [and the earnings and capital capabilities of the institution]; develop a written plan containing policies and procedures to manage and control these risks; implement security controls; test the security to assure that significant controls are effective and performing as intended; and monitor and update: 'Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information and internal or external threats to information security.'2
8 May 2003
