Data security solutions for the Gramm-Leach-Bliley Act
Applies to the financial services industry (Insurance, Securities, Banking).
> Little of the legislation is directly applicable to IT.
> PCI or HIPAA provide more tangible implementation specifics which, if followed, should also provide proper controls for GLBA.
> GLBA references ISO 17799 as a guideline.
IT Requirements Summary:
1. You must have a written security policy.
2. You must establish a baseline (risk assessment, vulnerability scan).
3. You must monitor and report on access to any files, folders, or databases that contain consumer financial information.
4. You must notify any consumer if you believe their information has been compromised.
Solutions & Features
Below is a list of solution features required or recommended to meet compliance.
| Solution feature | Status |
|---|---|
| Firewall | Required |
| IDS / IPS | Strongly Recommended |
| Instant Messaging Security – IM logging and/or prevention | Required |
| Centralised Reporting | Strongly Recommended |
| Baseline / Vulnerability Assessment | Required |
| | 24 Hours for Critical updates |
| | Recommended |
> Encryption
The Gramm-Leach-Bliley Act requires financial institutions to determine when encryption of customer information in transit or in storage is appropriate and if so, to implement it.
| GLB Requirement | Solution Features |
|---|---|
| Secure data at rest within the organisation | File, folder and virtual drive encryption as standard to secure data at the endpoint. |
| Secure data in transit | Full-disk and removable media encryption for USB drives and optical media to secure data on the move. |
| Secure data for mobile / home working practices | Full-disk encryption for laptops. Business licenses extend to privately owned home computers at no extra cost. |
| Secure transfer of data between locations | Outlook plug-in, clipboard encryption compatible with all mail clients including webmail, and attachment encryption for any system. Optical media encryption allows the safe transfer of data stored on CD or DVD. |
| Block / Limit access to certain data | Allow different levels of access to be configured for different users. |
| Allow access to secure data when requested. | Allow extensive, remote control of encryption software policy and encryption keys. |
| Secure safe storage of personal data | Encrypt business users and personal user data. |
| Secure destruction of redundant data | Securely delete data to the DoD 5220.22-M standard, ensuring that it is completely unrecoverable. |
Contact us today to discuss your requirements in more detail.
P: +44(0)7714 209927
S: +44(0)1273 329753
info@securenetconsulting.co.uk