|
The Gramm-Leach-Bliley Act (GLBA), also known as The Financial Modernization Act of 1999, was enacted to ensure protection over customer’s records and information. Authorization to implement this act was given to The Federal Trade Commission (FTC) with an effective date for compliance set on May 23, 2003. GLBA consists of three primary parts; the Financial Privacy Rule, Safeguards Rule, and Pretexting provisions. These rules and provisions make up the requirements for financial institutions to (a) ensure protection of the security and confidentiality of customer’s nonpublic personal information (NPI), (b) implement administrative, technical, and physical safeguards, (c) protect against anticipated threats and hazards to information security, and (d) protect against unauthorized access to or use of information. These requirements extend to an institutions business partners as well. Noncompliance can result in penalties that include criminal prosecution, monetary fines and up to 5 years in prison.
To satisfy these legal requirements, financial institutions are required to perform security risk assessments, develop and implement security solutions that effectively detect, prevent, and allow timely incident response, and to perform auditing and monitoring of their security environment. Section 501(b) of the GLBA established the high-level privacy and security requirements that financial institutions must comply with in order to protect customer information.
The collection, management, and analysis of log data is integral to meeting many GLBA requirements. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others. IT environments consist of heterogeneous devices, systems, and applications all reporting log data. Millions of individual log entries can be generated daily if not hourly. The task of organizing this information can be overwhelming in itself. The additional requirements of analyzing and reporting on log data prove manual processes or homegrown solutions inadequate and costly.
LogRhythm can help. Log collection,archive, and recovery is fully automated across the entire IT infrastructure. LogRhythm automatically performs the first level oflog analysis. Log data is categorized,identified, and normalized for easy analysis and reporting. LogRhythm’s powerful alerting capability automatically identifies the most critical issues and notifies relevant personnel. With the click of a mouse,LogRhythm’s pre-configured GLBA report package ensures you meet your reporting requirements.
|
