BankInfoSecurity.com - Banking Information Security News, Regulations, & Education  


Transcript of Security Expert Rebecca Herold: Total Information Protection

Risk Management

Swart: I would like to start by talking about the personal risks that executives of financial institutions face if they fail to implement effective security or to comply with IT security regulations.

Herold: Well, there are many. It is important, though, for financial institution leaders to understand first that there are many laws and regulations requiring information security programs, and that these programs must be built upon risk assessments directly related to safeguarding customer information. Some of the laws and regulations include the USA PATRIOT Act, the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act. Also, the FFIEC IT Examination Handbook, the FDIC IT Examination Workpaper, the OTC Consumer Regulations Handbook and various other oversight agencies' guidance require and emphasize the importance and responsibilities of executive leaders to ensure security is in place.

Besides those, there are at least 39 state-level breach notice laws, along with hundreds of other state laws that address and require institutions to carry out data protection activities. And then, if your organization has offices outside the U.S., there are over 100 data protection laws in countries throughout the world.




Copyright © 2007 BankInfoSecurity.com