Products & Services
Consulting & Assessment Services
Ask the Experts
Submit a no-obligation question about what's involved in a GLBA Risk Assessment.
GOT IDEAS? We'd like to hear from you! Post your thoughts on GLBA Compliance & Risk Assessments. FaceBook, Twitter, and the InfoSight Blog.
GLBA Risk Assessment
The Gramm Leach Bliley Act (GLBA) specifies what financial institutions are required to do to protect the privacy of their customers. One of the primary aspects of the development and implementation of a security program that complies with GLBA is to perform a regular assessment of risk to customer information.
InfoSight's GLBA Risk Assessment provides a systematic approach to audit and risk assessment, allowing you to respond to your directors and examiners with confidence. We’ll identify vulnerabilities in your electronic systems, assess the likelihood and potential damage of threats, and assess sufficiency of controls to mitigate risks.
Our GLBA Risk Assessment involves:
- Listing each technology and vendor service and categorizing these systems based on the data they process or store.
- Listing threats and vulnerabilities for each technology and specifying controls for each vulnerability.
- Categorizing controls and developing definitions for control adequacy and residual risk and applying them to each technology.
- Creating various reports showing vulnerabilities, controls, and a risk rating for each technology, as well as which vulnerabilities have insufficient controls, among others.
While the GLBA only specifies a risk assessment of physical and electronic customer data, financial institution examiners are looking for a consolidated risk assessment of all systems that transfer, process, or store electronic data. InfoSight offers a GLBA risk assessment that covers all IT risk management functions including security, outsourcing, and business continuity.
Contact us to help you leverage your existing IT to create a more risk-aware, secure and compliant organization. With more than 20 years of security and compliance experience, we interact with bankers every day and understand how banks run and how bankers work.
Security Awareness Training
Although this requirement is not due until the compliance deadline, we recommend that awareness training be one of your first initiatives. When everyone associated with your organization understands information security, your compliance path gains momentum rather than meeting resistance. You also protect your organization from an embarrassing and potentially costly incident. Read more...
Complementary Services
Vulnerability Assessment
Penetration Testing
Intrusion Detection & Prevention
What is a
GLBA Risk Assessment?
Risk management is the process of identifying, assessing, and reducing the risk to an acceptable level and implementing the right mechanisms to maintain that level of risk. A risk assessment is a method of identifying risks and determining the possible damage that could be caused in order to justify security safeguards. The 3 main goals are: identify risks, quantify the impact of the potential threats and provide an economic balance between the impact of risk and the cost of the safeguard.
Financial services regulations on information security, initiated by the Gramm-Leach-Bliley Act (GLBA), require financial institutions in the United States to create an information security program to ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.
Do you have something to add to this definition? Let us know. Email your comments and contributions.
