Answer:
Use a collective approach. Combining requirements of different regulations and addressing them collectively will not only save you a significant amount of time and money, but will also equip you with more efficient and effective information security. The main regulations/standards that a bank would face comprise the GLBA, FACTA and PCI DSS. The areas below can be collectively addressed:
- Risk Assessments
- Comprehensive Program
- Penetration Testing and Vulnerability Assessments
- Social Engineering
- Employee Training
- Service Provider Oversight
While it is true that the GLBA focuses on information security while the FACTA emphasizes identity theft, these are areas of considerable overlap where one cannot really be considered without taking the other into perspective. Similarly, the GLBA and PCI DSS have a number of requirements that are almost common. The approach will not only get you cost-efficient compliance, but also robust information security.
First published on BankersOnline.com 3/09/09
print
share