Tuesday, June 28, 2011

Network Security for the Financial Industry

Network security is not simply the strengthening of firewalls or installing antivirus software. Rather, network security is an integral part of business continuity planning for companies or organizations that use electronic information systems for storing data. In fact, having an effective network security policy that includes regular assessments is required for businesses to meet industry best practices and to comply with laws like Sarbanes-Oxley or HIPAA.

Business continuity planning, or BCP for short, is the development of strategies for minimizing financial losses, serving customers with as few disruptions as possible, and reducing any negative repercussions. While it encompasses all aspects of a business, BCP also covers information technology, including the mitigation of potential threat scenarios through risk management practices and assessment.

Network Mapping Software

Certain industry best practices or federal laws lay out specific BCP standards for the financial industry. The Federal Financial Institutions Examination Council (FFIEC) describes the principles, standards, and report forms for federal examination of financial institutions, and network security is covered in the FFIEC IT Handbook. The FFIEC IT Handbook specifies an audit program for businesses that involves evaluating risk management practices and compliance with corporate policy. In general, any financial institution's audit program needs to identify and reduce risk exposure for the institution.

The Gramm-Leach-Bliley Act of 1999 (GLBA) overlaps with the FFIEC IT Handbook and provides more specific guidelines for guarding non-public information. More specifically, GLBA requires a financial institution to put administrative, technical, and physical safeguards in place to prevent unauthorized access and other security threats. GLBA also requires financial institutions to establish a risk-based security program with oversight, risk management and assessment, controls, and training.

E-banking is also part of the FFIEC IT Handbook and pertains more to storing and guarding customer information. E-banking exposes financial institutions to greater risks, and in order to combat these, the institution needs to have security controls in place for guarding customer information, including authentication. If those controls are ineffective, a financial institution is liable for all unauthorized transactions and violates laws regarding customer privacy.

Sarbanes-Oxley, also known as the Public Company Accounting Reform and Protection Act of 2002, lists specific steps for network security audits in Section 404. As part of an assessment, an institution needs to supply physical documentation showing that its financial, customer, and company information is reliable, verifiable, and secure. In order to make sure all information is secure and accurate, the company or organization must have effective network security controls in place to prevent the loss of financial data and unauthorized transactions. The institution must be able to quickly detect any abnormalities within the network, note exceptions at the same time, and take appropriate actions. Additionally, Sarbanes-Oxley specifies that IT assessments must be part of a larger financial audit.
