Premium Essay

Gathering Information Pertaining to a Glba Compliance

In:

Submitted By CyberSis
Words 1267
Pages 6
Lab#5
Define a process for Gathering Information pertaining to a GLBA Compliance
1. GLBA repealed parts of an act. Name the act and explain why it was significant for financial institutions and insurance companies. Parts of the glass Steagall act of 1933 GLBA allows financial institutions such as banks to act as insurance companies. GLBA covers both financial institutions and insurance companies since both can perform financial services for its customers. This reform requires banks and insurance companies to comply with both the privacy and safeguard rules of GLBA.
2. What is another name for obtaining information under false pretenses and what does it have to do with GLBA? What is an example of the safeguard pertinent to this requirement? Pre-texting or social engineering. GLBA specifically mentions this in title 15 US code chapter 94 sub chapter 2, section 6821. GLBA encourages companies to implement safeguards around pre-texting and social engineering. Security awareness training and periodic reminders of awareness to pre-texting and social engineering is a best practice performed within the user domain.
3. How does GLBA impact information system security and the need for information systems security practitioners and professionals? The safeguards rule within GLBA requires financial institutions and insurance companies to develop security plan detailing how they will protect their customers nonpublic personal information. The safeguards rule impacts the security plan throughout the 7 domains of a typical IT infrastructure in regards to protecting nonpublic personal information.
4. If your organization is a financial institution or insurance company that is also publicly traded, what other compliance law must you comply with? The Sarbanes-Oxley act. Proper security controls and safeguards must be designed and implemented to protect the nonpublic

Similar Documents

Premium Essay

Lab5

...Page » Computers and Technology Gathering Information Pertaining to a Glba Compliance In: Computers and Technology Gathering Information Pertaining to a Glba Compliance Lab#5 Define a process for Gathering Information pertaining to a GLBA Compliance 1. GLBA repealed parts of an act. Name the act and explain why it was significant for financial institutions and insurance companies. Parts of the glass Steagall act of 1933 GLBA allows financial institutions such as banks to act as insurance companies. GLBA covers both financial institutions and insurance companies since both can perform financial services for its customers. This reform requires banks and insurance companies to comply with both the privacy and safeguard rules of GLBA. 2. What is another name for obtaining information under false pretenses and what does it have to do with GLBA? What is an example of the safeguard pertinent to this requirement? Pre-texting or social engineering. GLBA specifically mentions this in title 15 US code chapter 94 sub chapter 2, section 6821. GLBA encourages companies to implement safeguards around pre-texting and social engineering. Security awareness training and periodic reminders of awareness to pre-texting and social engineering is a best practice performed within the user domain. 3. How does GLBA impact information system security and the need for information systems security practitioners and professionals? The safeguards rule within GLBA requires financial institutions and...

Words: 343 - Pages: 2

Premium Essay

Audit

...Student Lab Manual © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Student Lab Manual © Jones & Bartlett Learning, LLC © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT Auditing IT Infrastructures for Compliance © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION IS4680 © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett Learning, LL NOT FOR SALE OR DISTRIBUT © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION © Jones & Bartlett©Learning, LLC Learning, LLC, an Ascend Learning Company Bartlett Current Version Date: 11/21/2011 © Jones & Learning, LLC Copyright 2013 by Jones & Bartlett www.jblearning.com! NOT FOR SALE OR DISTRIBUTION ...

Words: 30948 - Pages: 124

Premium Essay

Information Security

...effect date, April 21, 2000, affects U. S. commercial Web sites and third-party commercial Web sites that schools permit their students to access. "COPPA requires "operators of websites or online services directed to children and operators of websites or online services who have actual knowledge that the person from whom they seek information is a child (1) To post prominent links on their websites to a notice of how they collect, use, and/or disclose personal information from children; (2) With certain exceptions, to notify parents that they wish to collect information from their children and obtain parental consent prior to collecting, using, and/or disclosing such information; (3) Not to condition a child's participation in online activities on the provision of more personal information than is reasonably necessary to participate in the activity; (4) To allow parents the opportunity to review and/or have their children's information deleted from the operator’s database and to prohibit further collection from the child; and (5) To establish procedures to protect the confidentiality, security, and integrity of personal information they collect from children. Non-profit sites are not included in the act; however, many are voluntarily complying. The Children's Internet Protection Act went into effect April 20, 2001, requiring that schools and libraries that receive certain types of federal technology funding have safe-use Internet policies. The policies require...

Words: 2799 - Pages: 12

Premium Essay

Computer Science

...out of 0.5 points | | | What name is given to an act carried out in the open?Answer | | | | | Selected Answer: |    overt act | Correct Answer: |    overt act | | | | |  Question 2 0 out of 0.5 points | | | What is a characteristic of a hardened computer or device?Answer | | | | | Selected Answer: |    Unnecessary services have been turned off or disabled | Correct Answer: |    Both A and B | | | | |  Question 3 0.5 out of 0.5 points | | | Social engineering is a fancy phrase for lying. It involves tricking someone into sharing confidential information or gaining access to sensitive systems. In many cases, the attacker never comes face to face with the victim. Instead, the attacker might phone an employee and pose as a (n) ________________________. All too often, attackers trick employees into sharing sensitive information. After all, employees think, what’s wrong with giving your password to a(n) ________________?Answer | | | | | Selected Answer: |    system administrator | Correct Answer: |    system administrator | | | | |  Question 4 0 out of 0.5 points | | | Which of the following is not a type of monitoring device?Answer | | | | | Selected Answer: |    IPS | Correct Answer: |    Server log | | | | |  Question 5 0.5 out of 0.5 points | | | What is meant by clipping levels?Answer | | | | | Selected Answer: |    Values used in security monitoring that tell...

Words: 12833 - Pages: 52

Premium Essay

Ethics

...ETHICS IN INFORMATION TECHNOLOGY Third Edition This page intentionally left blank ETHICS IN INFORMATION TECHNOLOGY Third Edition George W. Reynolds Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Ethics in Information Technology, Third Edition by George W. Reynolds VP/Editorial Director: Jack Calhoun Publisher: Joe Sabatino Senior Acquisitions Editor: Charles McCormick Jr. Senior Product Manager: Kate Hennessy Mason Development Editor: Mary Pat Shaffer Editorial Assistant: Nora Heink Marketing Manager: Bryant Chrzan Marketing Coordinator: Suellen Ruttkay Content Product Manager: Jennifer Feltri Senior Art Director: Stacy Jenkins Shirley Cover Designer: Itzhack Shelomi Cover Image: iStock Images Technology Project Manager: Chris Valentine Manufacturing Coordinator: Julio Esperas Copyeditor: Green Pen Quality Assurance Proofreader: Suzanne Huizenga Indexer: Alexandra Nickerson Composition: Pre-Press PMG © 2010 Course Technology, Cengage Learning ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior written permission...

Words: 204343 - Pages: 818

Premium Essay

Business Continuity and Disaster Recovery Planning for It Professionals

...to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations. Contact us at sales@ syngress.com for more information. CUSTOM PUBLISHING Many organizations welcome the ability to combine...

Words: 189146 - Pages: 757