The Agency Insider with Linda McGlasson

GLBA and Security Avoidance Questions - Why Are We Not Surprised?

GLBA and Security Avoidance Questions - Why Are We Not Surprised?

Last month I wrote several articles on GLBA compliance, and I asked several people I know who are fluent in these issues what are some of the most common questions they face on GLBA as a security manager or assessor at the institutions they either work at or are assessing?

The one that stands out as the number one sign that there is something wrong with the approach many financial services companies are taking on GLBA - "What is the bare minimum we can do and still operate as a business?" Not that I was surprised to hear this question, but the fact that it came from a really large financial services company did surprise me. I expected it would come from small entities with limited budgets and manpower.

Now, I won't be able to tell you where this person worked -- let's just say he was at one of the world's largest fund managers. This person was charged with development and coordination of an overall infrastructure security strategy, which included operations and compliance management. He says it shouldn't be a surprise that some could consider information security as "just another tax, or as a simple hurdle in the way of their success."

His approach -- encourage people to avoid that dangerously short-sighted approach and instead take a strategic and forward-thinking position. GLBA compliance is not a one-time problem that can be offset with insurance, but rather represents a whole new way of thinking about assets and the market.

Another popularly asked question was about the "X, Y or Z technology" solutions offered by the GLBA vendors (it seems everyone these days has a GLBA compliance "solution") and would it achieve compliance? The answer? It would be like buying a hammer so they could stop worrying about leaks in the roof. The hammer won't work on its own. Security and compliance benefit from technology, but comprehensive management and design is the key to compliance success.

Is there any compliance pressure hitting your institution? You can take this advice and delegate someone to find the compliance leaks in a timely fashion and use that hammer to prevent them. Doing the right thing can become much easier when security managers are allowed to focus on solutions - and let go of the pursuit of an easy fix, simple purchase, or quick buy, which invariably produce short-term savings but long-term security pains

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.