Security Assessment Guidelines for Financial Institutions

Security Assessment Guidelines for Financial Institutions (PDF, 2.23MB)
Published: 08 May, 2003
Created by: Karen Nelson

This paper discusses the five information security assessment processes identified by the Federal Financial Institutions Examination Council (FFIEC) [1] and other financial regulators as core components of a financial institution's information security program, especially in fulfilling the Gramm-Leach-Bliley Act (GLBA) and other, similar requirements: identify the risks that may threaten customer information [and the earnings and capital capabilities of the institution]; develop a written plan containing policies and procedures to manage and control these risks; implement security controls; test the security to assure that significant controls are effective and performing as intended; and monitor and update: 'Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.' [2]