ISO 17799 and 27001: Setting the Standards for Information Security

Management Guidelines

Financial institutions are subject to a slew of laws and regulations aimed at information security. There are Gramm-Leach-Bliley (privacy), the Federal Financial Institutions Examination Council guidance (authentication and online banking), and the Payment Card Industry standard (card security). There are also California's and other states' data breach disclosure laws, the Sarbanes-Oxley Act, which requires IT to test the effectiveness of controls over financial-reporting systems, and the European Union's privacy laws, among others. While these laws and regulations do a good job of defining the scope of information security and spelling out the role of information security in risk management, they have little to say about what constitutes effective information security or how to achieve it. Fortunately, the International Standards Organization has developed two standards that do precisely that, and by adhering to them banks can go a long way toward satisfying regulatory compliance requirements.