|
|
|
Date Submitted:
08/05/05
Hits: 75 Rating:  based on 0 votes
Conducting an electronic information risk assessment for Gramm-Leach-Bliley Act complianceAdded by Papergrl
Description:
To obtain compliance with the new GLBA privacy regulations, financial institutions need to identify vulnerabilities in electronic systems, assess likelihood and impact of threats, and assess sufficiency of controls to mitigate those risks. In response to these new regulations, I developed a process for conducting an electronic risk assessment in accordance with GLBA, and used it to conduct a risk assessment for Johnson Financial Group. The process involves listing each technology and vendor service and categorizing these systems based on the data they process or store. Threats and vulnerabilities are listed for each technology, and then controls are specified for each vulnerability. Controls are categorized, and definitions for control adequacy and residual risk are developed and applied to each technology. Output includes a report showing vulnerabilities, controls, and a risk rating for each technology, a report showing which vulnerabilities have insufficient controls, and others.
Read the Complete Paper You don't have permission to post replies. Please login or register. |