Security Assessment Guidelines for Financial Institutions

Published: 08 May, 2003
Created by Karen Nelson

This paper discusses the five information security assessment processes identified by the Federal Financial Institutions Examination Council (FFIEC) [1] and other financial regulators as core components of a financial institution's information security program, especially in fulfilling the Gramm-Leach-Bliley Act (GLBA) and other, similar requirements: identify the risks that may threaten customer information [and the earnings and capital capabilities of the institution]; develop a written plan containing policies and procedures to manage and control these risks; implement security controls; test the security to assure that significant controls are effective and performing as intended; and monitor and update: 'Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.' [2]