Gramm-Leach-Bliley Act and Its Impact on Sysadmims?
NetworkCop asks: "Hi, I was recently reading a white paper on a company that helped banks to comply with the Gramm-Leach-Bliley Security Act. However, it sounded like it was a simple Nessus/NMAP scan. Does anyone here have experience implementing the requirement of this Act in a *nix platform?"
Re:In case you are like me.... (Score:2)
(It was basically a way to get the banks to spy on everybody with an account and send the results to the government, only the banks had to shoulder the entire expense of doing so.)
Lawyer (Score:3, Informative)
If you work at a university, or other organization, talk to your entity's legal counsel.
There is no substitute for professional legal advice which applies to your particular situation.
Woah (Score:2)
I guess they just don't teach em like they used to.
GLB requirements (Score:5, Informative)
They are:
-all data is private, you must keep it secure
-vendors handling your data must keep it at least as secure as you are required to
-I can't remember the 3rd at this time of night
Anyway, if I found out during the exam that the party who performed an "audit" only did a simple port scan, I certainly wouldn't hesitate in letting the credit union know that they were taken advantage of and their "security audit" was most likely unacceptable and could not be relied upon as showing due diligence in execution of their duties. I've had some extremely small credit unions tell me that their DSL Internet connection has a firewall....a Linksys cable/modem router and ZoneAlarm Pro! and they were serious!
Due to varying circumstances, I give a lot of leeway in what is required of these financial institutions. I don't necessarily require them to have an IDS or a firewall. It all depends on their particular circumstances. However, if there is even a possibility of remote access, I scrutinize their setups and make recommendations on what they can do to improve the situation and cover their asses.
SysadMIMs?? what are those? (Score:2)
I'm beginning to think slash should include a spell checker, and warn before committing a story.
Re:Just like HIPPA (Score:1, Informative)
stands for Health Insurance Portability and Accountability Act
GLBA Compliance Requirements (Score:5, Informative)
Interagency Guidelines Establishing Standards For Safeguarding Customer Information [ffiec.gov]
In our GLBA audits, some of the things examiners were looking for the most were:
One last excellent resource is the FFIEC Information Technology Examination Handbook [ffiec.gov].
Kevin
Re:GLBA Compliance Requirements (Score:1)
contact me offlist would you?
jataaah_dyk@hotmail.com
thx
TAC