Satisfying GLBA Requirements: Log Management

Satisfying GLBA Requirements: Log Management The Gramm-Leach-Bliley Act (GLBA), also known as The Financial Modernization Act of 1999, was enacted to ensure protection over customer's records and information. Authorization to implement this act was given to The Federal Trade Commission (FTC) with an effective date for compliance set on May 23, 2003.

GLBA consists of three primary parts;
1. The Financial Privacy Rule
2. Safeguards Rule, and
3. Pretexting provisions

These rules and provisions make up the requirements for financial institutions to (a) ensure protection of the security and confidentiality of customer's nonpublic personal information (NPI), (b) implement administrative, technical, and physical safeguards, (c) protect against anticipated threats and hazards to information security, and (d) protect against unauthorized access to or use of information. These requirements extend to an institutions business partners as well. Noncompliance can result in penalties that include criminal prosecution, monetary fines and up to 5 years in prison.

To satisfy these legal requirements, financial institutions are required to perform security risk assessments, develop and implement security solutions that effectively detect, prevent, and allow timely incident response, and to perform auditing and monitoring of their security environment. Section 501(b) of the GLBA established the high-level privacy and security requirements that financial institutions must comply with in order to protect customer information.

The collection, management, and analysis of log data are integral to meeting many GLBA requirements. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.