overview of glba requirements0new

《overview of glba requirements0new》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、OverviewofGLBARequirements•Gramm-Leach-BlileyAct(GLBA)–FinancialModernizationActof1999–PrivacyRule(effectiveJuly1,2001)•Addresseshowyouusecustomerinformation–SafeguardsRule(effectiveMay23,2003)•AddresseshowyouprotectcustomerinformationTheGramm-Leach-BlileyAct?TheGramm-Leach-Bli

2、ley(GLB)requiresfinancialinstitutionstoensurethesecurityandconfidentialityofthepersonalinformationitcollectsfromitscustomers.?ThelawtookeffectMay23,2003.WhatDoestheRegulationRequire??Thatfinancialinstitutionsdevelop,implement,andmaintainacomprehensiveinformationsecurityprogramt

3、hatcontainsadministrative,technicalandphysicalsafeguards.Specifically,eachinstitutionmust…?Designateacomplianceofficertocoordinatetheinstitution’sinformationsecurityprogram.?Developawrittenplanforinformationsafeguardingthatidentifiesreasonableforeseeableinternalandexternalrisks

4、tothesecurity,confidentialityandintegrityofcustomerinformationthatcouldcompromisetheinformation.?Assessthesufficiencyofanysafeguardsinplacetocontroltherisks.?Assurethatcontractorsorserviceprovidersarecapableofmaintainingappropriatesafeguardsforthecustomerinformationandrequiring

5、them,bycontract,toimplementandmaintainsuchsafeguards.Takestepstomodifyprocedures,ifnecessaryinlightofdevelopmentsthatmaymateriallyaffecttheinstitution’ssafeguardsinordertocomplywiththeregulation.Institutionsmaywanttoconductriskassessments.OverviewofGLBARequirements•SafeguardsRu

6、leRequirements–Develop,Implement,andMaintainaWrittenInformationSecurityPlanISP)includingthesefiverequirements:•DesignateanISPCoordinator•Performariskassessment•Designandimplementsafeguardstocontroltheriskidentified•Overseeserviceproviders•Periodicallyre-evaluatetheISPSecuringIn

7、formation?TheFTCsafeguardrulespecifiesthefollowingminimumnecessaryconsiderationsinriskmanagement.?Employeetrainingandmanagement.?Informationsystems,includingnetworkandsoftwaredesign,aswellasinformationprocessing,storage,transmission,anddisposal.?Detecting,preventingandrespondin

8、gtoattacks,intrusionsorothersystemfailures.EmployeeTra