It's been more than 10 years since enactment of the Gramm-Leach-Bliley Act (GLBA). But the fundamental security tenets of GLBA are just as relevant today - especially as banking institutions look to conform to the recently released FFIEC supplement, "Authentication in an Internet Banking Environment."
Join banking and fraud experts George Tubin of GT Advisors and Jeff Multz of Dell SecureWorks for insights on security versus compliance, as they discuss:
The overarching principles of a comprehensive GLBA information security program;
How the updated FFIEC Authentication Guidance aligns with GLBA;
Key recommendations for deploying layered controls to ensure security and compliance.
The adage "Compliance doesn't ensure good security, but good security almost always ensures compliance" continues to ring true in 2012, as financial institutions seek to comply with the updated FFIEC guidance on online banking.
"Layered security" is a requirement of the new guidance released in 2011, but what does that really mean to banks and credit unions that are preparing for examinations? While financial institutions with an establised GLBA information security program and culture most likely were compliant with the new requirements before they were published, many banks and credit unions are still ill prepared to meet the examiners - and as a result, may lack fundamental security controls.
Consider the core requirements of GLBA's Safeguards Rule, which requires institutions to:
Develop a written information security plan;
Appoint at least one employee to manage the safeguards;
Conduct a risk assessment of on each department handling private information;
Develop, monitor, and test the information security program;
Amend safeguards as necessary with changes in how information is collected, stored and used.
Risk assessments, security controls and monitoring all are core components of the updated FFIEC Authentication Guidance, as well.
In this session, George Tubin, noted expert in banking security, fraud and compliance, will discuss the key elements of GLBA and the FFIEC guidance with an eye toward offering new insights on:
Strategies for ensuring both security and compliance;
A practical approach to layered security;
Regulatory trends - what to expect next for guidance.
Following Tubin's presentation, Jeff Multz, Director of North America Midmarket Sales for Dell SecureWorks, will discuss the banking and security trends Dell SecureWorks is seeing and how institutions can respond to them.
Director - North America Midmarket Sales, Dell SecureWorks
Jeff Multz is the Director of North America Midmarket Sales for Dell SecureWorks (SecureWorks was acquired by Dell Inc. in February 2011). Jeff has been an integral member of SecureWorks since 2003. He and his team help organizations of all sizes reduce their business and IT security risks and augment their IT team where needed.
As a former programmer for financial institutions, Jeff has a pulse on the financial industry, understanding the challenges that banks and credit unions face regularly. He often addresses organizations on IT security through educational presentations and articles in the media. To add to his credentials, Jeff is a graduate of Mercer University and holds a Bachelor of Science Degree in Computer Science. He is also a nationally certified financial supplier through CUES.
Tubin is Director of Marketing at Transmit Security and a recognized expert in digital banking and payments security and cyber-fraud prevention. He was previously Vice President of Marketing at Socure and Senior Research Director with the leading financial services research firm CEB TowerGroup (acquired by Gartner, Inc.) where he delivered thought leadership and insights to leading financial services institutions, technology providers, and consultancies on business strategies, technologies, and market trends in retail, Internet and mobile banking, and fraud management.