New from the Money Scoop

Reducing Risks to your Computer Systems

The Gramm-Leach-Bliley Act and the Safeguards Rule, enforced by the Federal Trade Commission, require financial institutions to have a security plan for reducing those risks.

The threats to the security of your information are varied – from computer hackers to disgruntled employees to simple carelessness.

Starting Out

Basic steps in information security planning include:

* identifying internal and external risks to the security, confidentiality and integrity of your customers’ personal information;

* designing and implementing safeguards to control the risks;

* periodically monitoring and testing the safeguards to be sure they are working effectively;

* adjusting your security plan according to the results of testing, changes in operations or other circumstances that might impact information security; and

* overseeing the information handling practices of service providers and business partners who have access to the personal information. If you give another organization access to your records or computer network, you should make sure they have good security programs too.

Your business should consider all the relevant areas of its operations, including employee management and training; information systems, including network and software design, and information processing, storage, transmission and disposal; and contingencies, including preventing, detecting and responding to a system failure. Every business faces its own special risks.

Determining Priorities Among Risks: Computer Systems

* The 20 Most Critical Internet Security Vulnerabilities (www.sans.org/top20) was produced by the SANS Institute and the FBI. It describes the 20 most commonly exploited vulnerabilities in Windows and UNIX. Although thousands of security incidents affect these operating systems each year, the majority of successful attacks target one or more of the vulnerabilities on this list. This site also has links to scanning tools and services to help you monitor your own network vulnerabilities at www.sans.org/top20/tools.pdf.

* The 10 Most Critical Web Application Security Vulnerabilities (www.owasp.org) was produced by the Open Web Application Security Project (OWASP). It describes common vulnerabilities for web applications and databases and the most effective ways to address them. Attacks on web applications often pass undetected through firewalls and other network defense systems, putting at risk the sensitive information that these applications access. Application vulnerabilities are often neglected, but they are as important to deal with as network issues.

While you are designing and implementing your own safeguards program, don’t forget that you should oversee service providers and business partners that have access to your computer network or consumers’ personal information. Check periodically whether they monitor and defend against common vulnerabilities as part of their regular safeguards program.

For More Information

For more information on privacy, information security, and the Gramm-Leach-Bliley Safeguards Rule, visit www.ftc.gov/privacy.

Source: The FTC works for the consumer to prevent fraudulent, deceptive, and unfair practices in the marketplace and to provide information to businesses to help them comply with the law. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.