Compliance & Regulation
What Is GLBA Compliance?
The Gramm-Leach-Bliley Act (GLBA) is an act of Congress passed in 1999 that repealed key provisions of the Glass-Steagall Act of 1933. GLBA is also referred to as the Financial Services Modernization Act of 1999. While GLBA has many stipulations, two of its provisions drive most information security requirements: the Privacy Rule and the Safeguards Rule.
Do I Need To Comply With GLBA?
The FTC Safeguards Rule applies to many organizations that collect or receive nonpublic personal information (NPI) about consumers. A few examples are listed below:
- Banking Financial Institutions
- Insurance Companies
- A retailer that issues its own credit cards
- An automobile dealership that leases automobiles
- A personal property or real estate appraiser
- In some cases, financial professionals
- A business that prints or sells checks
- Any business that wires money to and from customers
- Any check cashing business
- Accountants and tax preparation service companies
- Travel agencies
- Real estate settlement services
- Mortgage Brokers
- An investment advisory company or credit counseling service
- Companies that bring buyers and sellers together
- Higher Education institutions that receive federal student aid under Title IV of the Higher Education Act of 1965.
What Can Happen If You Don't Comply With GLBA?
There are a number of enforcement bodies within the United States. The FTC and the federal banking agencies are the most common. Other enforcement bodies include state Attorneys General, state Insurance Commissioners, the Consumer Financial Protection Bureau (CFPB), the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC).
These bodies may issue large fines. They may also issue consent orders that require specific security controls to be implemented and maintained. The CFPB publishes its latest enforcement actions on its website.
IPS Strengths At A Glance
Cyber Security Services (CSS) assists financial institutions, banks, credit unions, lending companies, higher education, and government organizations. We understand the requirements of GLBA compliance better than most due to the many hats that we wear. Here is how we help companies maintain GLBA compliance:
- GLBA Risk Assessments
- GLBA Gap Assessments
- Virtual CISO and Risk Services
- GLBA Policy Review
- Security Awareness Training
- Vendor Risk Assessments
- Penetration Testing
- Vulnerability Assessments
- Encryption Solutions
- Information Security Strategic Plans
- Inventory of Assets
- GLBA Data Classification Services
Threat Protection And Response
We understand that a vCISO engagement is focused on strategic risk and compliance objectives throughout the year, but some organizations also require hands-on cybersecurity expertise. Our team of professionals is ready to step in where you need us most. Experts are assigned based on your specific needs.
- Threat Hunting
- Incident Response Program
- Incident Tabletop Exercises (TTX)
- Ransomware Prevention Program
- Vulnerability Scanning and Vulnerability Management
- Security Engineering and Architecture Assistance
- Identity & Access Management
- Managed Detection and Response (MDR) with CrowdStrike
Risk And Compliance
At IPS, we help with your Risk and Compliance programs and set up standards that make sense for your industry. If a program already exists, we build on what you are currently doing and make adjustments as needed.
- SOC 2 Type I and Type II Planning
- ISO 27001:2022 Delivery
- Risk Assessments
- Governance, Risk, and Compliance (GRC) Setup
- Internal Audit of Controls
- PCI, HIPAA, FERPA, FACTA, GLBA Programs
- ISO 27001, NIST Cybersecurity Framework, CMMC and NIST 800-161 Programs