Law Requires Information Security Programs to Be Risk-based
GLBA Management Guidelines Risk Management
The financial services industry is one of the most highly regulated and closely supervised among those handling sensitive consumer information. Besides being subject to security breach disclosure laws at the state and federal levels, it must comply with industry-specific laws and regulations related to information security and privacy.
As a service-based business, financial institutions must provide customers with confidentiality or else risk losing their trust and their business. Protecting information is critical to maintaining trust. Because they generally don’t pass along losses associated with fraudulent transactions made on existing accounts to their customers, financial institutions incur significant losses from ID theft and account fraud. This is in addition to reputation damage and other costs incurred in responding to the security breach.
The Gramm-Leach-Bliley Act requires financial institutions not only to limit the disclosure of customer information, but also to protect that information from unauthorized access and to notify customers about security breaches. Under the guidance issued by federal regulators, financial institutions must establish and maintain comprehensive information security programs that identify and assess the risks to customer information and then address those risks by adopting appropriate security measures.