The Gramm-Leach-Bliley Act. Presented by Team II: Catherine King, Alex Kelley, Saahil Goel, Steven Irvine
The Financial Services Modernization Act, better known as the Gramm-Leach-Bliley Act (GLBA), was signed into law in November 1999.
- Main goal: remove regulations (especially the Glass-Steagall Act of 1933) that did not allow banks, insurance firms and stock brokerages to merge
- Contains 7 titles
Title V covers Privacy. It was introduced because:
- Merged financial institutions would have access to a large quantity of citizens' personal information
- They could sell that information to third parties
Three requirements in GLBA:
- A comprehensive information security program for the personal data the institution stores (the Safeguards Rule)
- Disclosure of the privacy policy to clients (the Privacy Rule)
- Customers given the right to opt out of information-sharing schemes
Safeguards Rule compliance deadline: May 23, 2003
Elements of the information security program:
- Designate an information security program coordinator
- Identify risks
- Design safeguards to control the risks
- Oversee service providers
- Evaluate and adjust the program
GLBA requires administrative, technical and physical safeguards
Who is covered?
- Financial institutions: companies that offer financial products or services to individuals, including loans, financial or investment advice, and insurance
- Other companies: non-financial institutions that receive customers' personal financial information
Non-financial institution examples: retailers such as American Eagle Outfitters, Macy's and Dell, and in general every company that the information is shared with
Businesses' protection: a business is not an individual with personal nonpublic information, so it is not protected under GLBA.
Individuals' protection:
- Customer: an individual with a continuing relationship with the institution
- Consumer: an individual with a non-continuing (one-time) relationship
Companies that fall under GLBA must create and distribute a Privacy Policy, which governs the collection and disclosure of customers' personal financial information.
A Privacy Policy must be clear, conspicuous and accurate, and must explain:
- what personal nonpublic information is collected
- how the information is shared
- how the information is used
- how the information is protected
The Privacy Policy must be provided to a customer, by in-person delivery or by mail:
- when the relationship is established
- annually thereafter
- whenever the policy changes
Opt-out rights: customers and consumers have the right to say No to having their information shared with nonaffiliated third parties. The opt-out does not cover information sharing with the company's own affiliates.
No opt-out rights where:
- the information sharing is essential to the transaction or service
- the disclosure is legally required
- the recipient is an outside service provider that markets the company's products or services on its behalf
The Safeguards Rule requires a financial institution to develop, implement and maintain a "comprehensive information security program" that is written "in one or more readily accessible parts" and contains "administrative, technical and physical safeguards" designed "to protect the security, confidentiality, and integrity of customer information".
Objectives of the program:
- Ensure the security and confidentiality of customer information
- Protect against anticipated threats or hazards
- Protect against unauthorized access to or use of customer information that could harm or inconvenience the customer
Program requirements:
- Designate one or more employees to coordinate the information security program
- Identify and assess risks to customer information in each relevant part of the company's operations
- Evaluate the current safeguards
- Regularly monitor and test them
The rule is designed to be flexible: different company divisions face unique risks raised by their own business operations.
Employee Management and Training
- Background checks on new employees
- Confidentiality agreement
- Training
- Disciplinary action
- Knowing where sensitive information is and keeping it secure
Information Systems
- Encrypting sensitive information
- Proper disposal of customer information
- Maintaining up-to-date firewalls
- Monitoring your software vendors' websites for patches and advisories
Detecting and Managing System Failures
- Oversight and audit procedures
- Notifying those affected, and law enforcement, if a breach occurs
GLBA enforcement: each agency and the financial institutions it covers
- Board of Governors of the Federal Reserve System: bank holding companies; member banks of the Federal Reserve System
- Commodity Futures Trading Commission (CFTC): commodities brokers
- Department of the Treasury, Office of the Comptroller of the Currency (OCC): national banks; federal branches of foreign banks
- Department of the Treasury, Office of Thrift Supervision (OTS): savings associations insured by the FDIC (the OTS was abolished in 2011 and its functions transferred to the OCC and other agencies)
- Federal Deposit Insurance Corporation (FDIC): the banks it insures, excluding Federal Reserve System members
- Securities and Exchange Commission (SEC): securities brokers and dealers; investment companies
- National Credit Union Administration (NCUA): federally insured credit unions
- Federal Trade Commission (FTC): institutions not covered by the other agencies
Penalties
- Under GLBA: up to 5 years of imprisonment; the company is liable for up to $100,000 for each violation; officers and directors are liable for up to $10,000 for each violation
- Under Section 8 of the Federal Deposit Insurance Act: termination of FDIC insurance; cease and desist orders; removal of management; fines of $1,000,000 or 1% of total assets, whichever is greater
- Reputation: loss of customer trust and of future business
Impacted Systems
- Vulnerability assessment tests
- Intrusion detection monitors
- Password management programs
- System and physical access control systems
- Encryption of customer data
Business Continuity Plans
- Floods, fire, earthquakes, etc.
Security Policies
- Constantly re-evaluate, measure and update
- Set benchmarks and enforce them
People
- 75% of breaches are due to insiders (no source is cited for this figure)
- Top management awareness and absolute buy-in
- Strict security policies
- An internal process to enforce the policies
- Segregation of duties for better access control
Training and Awareness
- Process, impact, scope, actions
- Surveys, assessments and internal certifications
Early cases
- 1997: Charter Pacific Bank sold credit card numbers to an adult website operator
- 1998: NationsBank shared customer information with its securities affiliate, NationsSecurities
- June 1999: US Bank shared customer data with a telemarketer, in violation of its own privacy policy
FTC enforcement cases
- Sunbelt Lending Services (2004): did not provide privacy notices to its online customers; the FTC order required biennial audits of Sunbelt's information security program by independent professionals for 10 years
- Goal Financial (2008): as a result of security failures, employees transferred files containing consumer information to third parties
Questions?

Is Security Team 2 Glba
