This whitepaper will teach you the necessary steps any organization must take to comply with the Gramm-Leach-Bliley Act (GLBA). Based on the experienced insight of Alex Bakman, Founder, Chairman & Chief Technology Officer at Ecora Software and Khalid Kark, Senior Research Analyst at Forrester Research, this paper discusses how any organization can reduce compliance costs by automating the process of attaining and maintaining proper financial privacy and consumer data safeguard procedures.
WHITEPAPER
A Strategic Approach to Gramm-Leach-Bliley Act Compliance
Ensuring Compliance and Security on the IT Infrastructure
Alex Bakman
Chairman and Chief Technology Officer
Ecora Software

About the Gramm-Leach-Bliley Act

When the Gramm-Leach-Bliley Act (GLBA) was signed into law in 1999, the goal of the legislation was "to enhance competition in the financial services industry by providing a framework for the affiliation of banks, securities firms, insurance companies, and other financial service providers...." The law made consumer insurance, banking, and investment information accessible through a single source. At the same time, the law mandated that any organization with access to non-public customer information (including financial institutions, insurance companies, credit card companies, debt collection agencies, and real estate settlement firms) meet stringent administrative, technical, and physical safeguards to ensure the security and confidentiality of customer records and information, protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

[Figure: What's happening to security spending? "Approximately what percentage of your IT spend will go toward security?" Results for 2006* and 2005† by company size: 1,000 to 4,999 employees; 5,000 to 19,999 employees; 20,000 or more employees. Data labels shown in the chart: 8.7%, 8.3%, 7.9%, 7.3%, 6.6%, 6.8%. Base: 370 IT execs at North American enterprises; 528 IT execs at North American enterprises. *Source: Forrester's Business Technographics November 2005 North American And European Enterprise IT Budgets And Spending Survey. †Source: Forrester's Business Technographics November 2004 North American And European Benchmark Study.]

Staying Compliant; Staying Secure

Until now, for most organizations, compliance has been driven by events (like a security breach or network outage) which led to a review of the IT infrastructure and security controls, and external and internal pressure to make improvements. With the advent of significant new regulations like the Gramm-Leach-Bliley Act, however, ensuring compliance has become a business requirement, and concerns about new corporate and regulatory requirements have made compliance a top-of-mind issue for executives and the organizations they lead. In fact, a published report from a leading research firm stated that "compliance spending in 2006 will reach $27.3 billion. Spending will climb even higher in 2007, with companies devoting $28 billion to compliance initiatives."

The challenge for many organizations lies in the common misconception that compliance and security are equal, and that, by achieving compliance, an organization will ensure infrastructure security and vice versa. According to Khalid Kark, senior research analyst at Forrester Research Inc., security and compliance are two distinct issues; compliance does not always equal security, and the real challenge is to remain compliant while staying secure.

"There are two broad trends," Kark said during a recent Ecora webinar. "Because of well-publicized security breaches, many organizations have taken a broad view and consider security in terms of the possible risk to corporate information. At the same time, regulatory pressures and compliance requirements have dominated the agenda, so organizations are focu...

[...] property, ensuring regulatory compliance, preventing insider abuse, and safeguarding customer privacy," he said. "The result can be a comprehensive program that addresses both information risk and compliance concerns within an organization."

FFIEC IT Examination Handbook as a Framework to Ensure Compliance and Security

The Federal Financial Institutions Examination Council (FFIEC) designs and supervises audits for the majority of federal agencies that oversee organizations that must comply with GLBA. To ensure that all auditors work within uniform principles, standards, and report forms, the FFIEC publishes the IT Examination Handbook. The Handbook was substantially revised and expanded in July 2006 and can now provide a clear framework for an organization's compliance/security program, including a five-step security process:

1. Information Security Risk. Identify and assess threats, vulnerabilities, attacks, probabilities and outcomes.
2. Information Security Strategy. Mitigate risk by integrating technology, policies, procedures, and training, approved by the board.

[download for more]