Network Security for the Financial Industry
Network security does not mean installing antivirus software or strengthening firewalls. Network security is essential for businesses and organizations that store data electronically. Businesses must have a network security policy that includes periodic assessments to ensure they meet industry best practices as well as comply with laws such as Sarbanes-Oxley and HIPAA.
Business continuity planning (or BCP) is a broad term that
covers the development of strategies to minimize financial losses, serve
customers with minimal disruptions and reduce any negative consequences. BCP
encompasses all aspects of a company, including information technology.
This includes mitigating possible threat scenarios through risk management
practices and assessment.
Federal laws and industry best practices set specific BCP
standards in the financial sector. The Federal Financial Institutions Examination
Council (FFIEC) lists all standards and report forms that can be used to
conduct federal inspections of financial institutions. The FFIEC IT Handbook
also contains information about network security. The FFIEC IT Handbook outlines a
program that audits businesses. It involves the evaluation of risk management
practices and compliance with corporate policy. A bank's audit program must
identify and reduce risk exposure.
The Gramm-Leach-Bliley Act of 1999, also known as GLBA, overlaps
with the FFIEC IT Handbook. It provides additional guidelines for protecting
non-public information. Specifically, GLBA mandates that financial institutions
have administrative, technical and physical security measures in place to
protect against unauthorized access and other security threats. GLBA requires
financial institutions to have a risk-based security plan with oversight, risk
management, assessment, controls, training, and reporting.
The FFIEC IT Handbook also includes E-banking. This refers
to the storage and protection of customer information. Financial institutions
are exposed to greater risks when E-banking is used. To combat these, security
controls must be in place to protect customer information. Ineffective controls
can make a financial institution liable for any unauthorized transactions or
put it in violation of customer privacy laws.