This information security pocket guide provides executives, managers and auditors with a proven framework so that you may successfully (1) put measures in place to keep your customer information secure, and (2) take steps to make sure that affiliates and service providers safeguard customer information in their care. This approach allows management to quickly identify critical controls, and those areas where mitigation efforts may not be keeping pace with the increase in threats.
The following sections will enable you to identify and clarify the tasks necessary to achieve compliance with the Gramm-Leach-Bliley Act (GLBA), which requires that all companies offering consumer financial products or services explain their information-sharing practices to their customers and safeguard sensitive data. Additionally, you will gain clarity on the tasks necessary to oversee outsourced service providers, including technology service providers, as well as any critical service providers not related to technology.
The framework described in this document is a tool that allows you to quantify and document the inherent and residual risks so that you can easily determine critical risk levels as well as controls for each threat. The framework also serves as a mechanism with which you can develop an action plan to communicate the risks and controls to management in a clear and focused manner. This framework works for all risk assessments, not just GLBA or Service Provider Oversight; it is also an excellent framework for assessing Operational and Financial risk management.
Frederick Cox is a leading expert in designing and auditing security and information systems. He provides unique guidance and tools that allow companies, particularly financial institutions, to meet and exceed regulatory and Sarbanes-Oxley (SOX) standards. He is a master at identifying and clarifying Information Technology risks and at successfully coordinating remediation efforts for governments and companies, which have included some of the largest financial institutions in the world.
Learn from one of the best, who for over 25 years has demonstrated outstanding results as a specialist in global information security. Frederick Cox is founder and President of FDC Associates, LLC, one of the most trusted providers of IT Security process design and Internet Technology Audit and Network Security in the United States. Mr. Cox did his undergraduate work at the University of California, Santa Cruz. His graduate work was at the Tepper School of Business at Carnegie-Mellon and the Tulane Law School.