Compliance Management: SMP’s GLBA Solution
Gramm-Leach-Bliley (GLB) requires that financial institutions establish an effective information security program to protect the confidentiality and security of nonpublic personal customer information or be subject to substantial monetary and legal penalties.

This is followed by vulnerability testing of the external and internal networks. SMP probes the perimeter security to validate that external controls are in place and working as represented to our consultants. This phase can include vulnerability and penetration testing over the internet, as well as modem, PBX, and wireless testing.

An in-depth review of systems on the internal network is also performed. SMP tests the internal controls to determine if they protect valuable information and meet stated goals of organizational policies, "essential practices" and regulatory compliance. Each system and application within the scope of the engagement is tested for vulnerabilities and unauthorized access. All findings are reviewed and compared to current policies. Each identified vulnerability on the external and internal network is rated and documented, and an appropriate solution is provided.

Gaps are identified, regulatory compliance assessed, possible improvements proposed, and remediation efforts outlined. A report is prepared for presentation to your organization. Our report establishes a baseline against which progress towards GLB compliance can be measured. It assists in prioritizing and setting realistic targets, and it recommends steps to reduce each risk. It can be presented to senior management, board members, and regulatory examiners to demonstrate that a comprehensive risk assessment has been performed, gaps identified, and solutions provided to resolve them.

Recurrent Validations

Once the initial program is in place, it is necessary to perform repeat assessments on a regularly scheduled basis. With the constantly changing nature of information security, including new threats and new defenses, follow-up tests or validations are a must for maintaining adequate protection. Client networks are always being updated, new technologies are constantly being offered, and knowledge of client staff must be continuously augmented in order to keep up with the latest trends. A client's infrastructure will most likely grow along with its network as time progresses and new complexities are added.

Strong security is good business. With SMP's help, organizations can develop a balanced security approach that provides due diligence without impeding business operations. Organizations can be confident that they have taken reasonable measures to protect confidential information and have reduced potential liabilities.

Security Management Partners p.781.890.7671 sales@smpone.com
Copyright © 2008 Security Management Partners. Tresware Content Management System Copyright © 2008 Tresware