Challenge
Developing, implementing and managing an effective information security program is a difficult task. The regulatory requirements are constantly evolving. Section 501(b) of the Gramm-Leach-Bliley Act (GLBA) requires the protection of customers' personal information by establishing standards with administrative, technical and physical safeguards to ensure the security, confidentiality and integrity of customer information and its proper disposal. The Interagency Guidelines Establishing Information Security Standards, along with the audit requirements in the Examiner's Handbook series, present complex and sometimes overwhelming challenges for many affected organizations. Every organization that must comply with GLBA must have an information security program and a written plan, created and implemented to identify and control risks to customer information and customer information systems and to properly dispose of customer information. The plan must include policies and procedures addressing risk assessment, controls, testing, service-provider oversight, periodic review and updating, and reporting to the board of directors.
Additionally, cybercriminals and hackers continue to exploit new vulnerabilities and release sophisticated cyber threats that leave your organization exposed to potential breaches.
Organizations first need to identify how they use information to meet their business goals and then determine the most cost-effective way to protect their information assets throughout the information security life cycle — a continuous effort that requires expert management, dedicated resources and substantial time.
Solutions
A GLBA Security Program Review managed by FishNet Security provides you with a comprehensive picture of your information security program and posture, revealing strengths and weaknesses in its technical and non-technical components in relation to the requirements of the Safeguards Rule and industry-leading practices.
We provide you with recommendations and design a strategic security roadmap, or simply identify solutions that can readily resolve your security weaknesses. An information security program review delivers value to both maturing and "forming" information security organizations.
FishNet Security also provides a customized approach to understanding the specific risks facing any organization that is subject to regulatory requirements such as GLBA. Our consultants evaluate each organization's business drivers and goals — along with specific risks that could put information assets, customer information or the entire organization in jeopardy — and tailor solutions to help mitigate those risks. A comprehensive series of interviews with key personnel, combined with reviews of policies, security practices, controls and associated documentation, enables our consultants to provide your organization with a thorough assessment of its risk profile.
Benefits
- Allows "forming" information security programs to quickly identify the existing environment and areas of key risk
- Helps organizations gain a greater understanding of security-related activities across the entire organization and a view into "what is working well"
- Identifies opportunities to gain efficiencies within the security program (removing and improving redundant activities)
- Aligns your information security strategy with industry-recognized best practices and improves your security and compliance posture
- Enables you to prioritize policy, organization, access control and compliance initiatives
- Develops a detailed roadmap of activities that will lead to optimum levels of security and compliance
- Provides security program justification for senior levels of management
- Provides actionable roadmaps that give a clear picture of how to execute on our recommendations
- Establishes a three- to five-year plan to help guide the security program
- Aligns the security program with the goals and objectives of the business to ensure enablement vs. restriction
- Improves security posture, resulting in reduced risk and maximized compliance
FishNet Security’s GLBA offering includes a wide range of services specifically designed to help your organization achieve and ultimately maintain compliance.
- Operations Security Assessment
- Policy and Administrative Controls Assessment
- Technical and Physical Controls Assessment
- Information Security Awareness and Training Assessment
- Security Management Practices Assessment
- Incident Response Plan Assessment
- Business Continuity Plan Assessment
- Organization Review
- Information Security Risk Assessment