Established in 1999 to protect consumer financial information, the Gramm-Leach-Bliley Act (GLBA) mandates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access that might occur through online systems and networks, including the BPIC layer. These security requirements are mandatory for both employees and customers who have provided personal information to the financial institution and include the following protection policies:
- Ensure the security and confidentiality of customer information
- Protect against any anticipated threats or hazards to the security or integrity of such information
- Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer
The Federal Financial Institutions Examination Council (FFIEC) supports these policies by providing extensive, evolving guidelines for compliance. Comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, the FFIEC has created an Information Security Handbook and a comprehensive series of tests to assess compliance with the Safeguards Rule, including over 20 specifically related to intrusion prevention and detection. The security process recommended by the FFIEC comprises five key areas:
- Information security risk assessment
- Information security strategy
- Implementing security controls
- Security testing
- Monitoring and updating
The GLBA clearly defines and emphasizes the need for financial institutions to adopt a proactive information security and technology risk management capability to protect information, applications, databases, and the network as part of an overall information security program. In fact, banking regulators now require financial institutions to evolve beyond point-security products, and instead, integrate a strategy that establishes perimeter security as well as security inside the network.
At Evans Resource Group, we can help you meet these security requirements with a proven solution that goes beyond traditional penetration testing techniques to protect your critical data from getting into the wrong hands. Our suite of products facilitates identification of flaws or weaknesses in perimeter and internal network protective measures while avoiding the introduction of additional risk to essential systems. In this way, our tools and methodology can be likened to non-destructive structural testing methods employed by bridge and building inspectors. Additionally, our methodology does not require risky connection of test equipment to sensitive networks or the deployment of unsupported software.
To learn more about our solutions for GLBA compliance, please contact us at info@evansrg.com