Information Security Guidelines for Banks

By Peter Piazza

Sections of the Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act of 2003 specify a set of security guidelines “relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of customer information.” Helping financial institutions to comply with these guidelines is the goal of a new guide from the Federal Reserve and several thrift regulatory agencies.

The guide defines important terms used in the security guidelines and then outlines the steps companies should follow to develop and implement an information security program, such as conducting assessments of internal and external threats. It also provides methods of assessing policies and procedures.

Since the security guidelines require financial institutions to design an information security program to control the risks identified in the assessment, the guide next describes methods of designing adequate security controls. These include both physical security measures (such as shredding paper records as necessary) and IT security measures (for example, ensuring that deleted data cannot be recovered).

The guidance also covers training staff members and overseeing service providers, and it explains the responsibilities of a financial institution’s board of directors.

Visit SM Online for a copy of the Interagency Guidelines Establishing Information Security Standards.

Attachment: interagency0406.pdf (3.25 MB)
