Organizations that operate in the financial services sector may collect Personally Identifiable Information (PII) including names, numbers, addresses as well as more sensitive data such as social security details, credit and loan agreements and investment and insurance information. This data needs to be kept secure and should be protected by a number of policies, procedures and technical controls.
|
|
|
|
The Gramm-Leach-Bliley Act (GLB) was specifically set up to require financial institutions to explain their information sharing practices to their customers whilst also ensuring that they safeguard all sensitive data. In particular, the GLB Act includes the following rules
- The Financial Privacy Rule (requiring financial institutions to notify their customers about their information-sharing practices)
- The Model Form Rule (recommending financial institutions to have consistent privacy notices that consumers can understand)
- The Safeguards Rule (requiring financial institutions to have measures in place to keep customer information secure)
|
|
Nettitude provides advice and guidance for organizations pursuing GLBA compliance. In particular, Nettitude provides Penetration Testing and security audit services to identify whether financial institutions safeguards are functioning correctly.
By targeting sensitive data, such as social security details, credit and loan agreements and investment and insurance information, Nettitude can identify security risks from both within an organization as well as externally through the Internet. Nettitude works with their clients to identify where the threats emanate from, and then develop test vectors to simulate these routes of attack. Testing can include technical assessments that extend across internal and external resources, and cover directory services, web applications, databases, wireless and voice infrastructures. In addition, Nettitude can provide social engineering and spear fishing attacks to identify the risks presented by employees. All of these approaches provide an organization with increased awareness of their vulnerabilities. Nettitude’s remediation advice and guidance also provides a mechanism to fix these exposures and develop the environment to become more secure.
|
To find out how Nettitude can test your technical safeguards and help you achieve compliance with the GLB Act, please complete our contact form and a security consultant will respond to your enquiry. As part of this process, we will look to understand how your environment has been architected, and then define a tailored security assessment to your organizations needs and objectives.