Skip to content
 

GLBA Compliance Without the Headache

Answered by: 
BOL Guru

Question: 
A big part of our IT Security budget is spent on GLBA compliance. Are we doing something wrong?
Answer: 

GLBA compliance can become a headache only if you don't get it right the first time. While regulators may give you more time to make corrections, the cost of going back and doing the same things a second time can unnecessarily use up constrained budget resources. As an overview, here is what GLBA requires:

  • Implementing and maintaining a comprehensive and ongoing information security program.
  • Assessing and evaluating threats and associated risks with the help of comprehensive risk assessments.
  • Implementing controls that are commensurate with the associated risk identified in the risk assessment process.
  • Implementing pretexting protection, which includes safeguards against social engineering attacks, in the form of evaluations, audits and employee training.
  • Oversight of service providers.
  • Board of Directors involvement and approval, supported by annual reporting.



First published on BankersOnline.com 3/16/09

First published on 03/16/2009

Filed under: 
Compliance
Operations
Security
Filed under compliance as: 
Board of Directors
Directors
Employee
GLBA
IT
Regulators
Reporting
Security
Training
Filed under operations as: 
Board of Directors
Budget
Directors
Employee
GLBA
IT
Regulators
Security
Training
Filed under security as: 
Board of Directors
Budget
Directors
Employee
GLBA
IT
Regulators
Reporting
Security
Training

Report a problem with this page

Search Topics