Defining a Process for Gathering Information Pertaining to a GLBA Compliance Audit

Introduction 
A financial institution is like any other business in that it aims to maintain or raise its profits.  It is safe to assume that some financial institutions—faced with the choice between safeguarding an individual’s information and safeguarding the institution’s overhead costs—would lean toward lowering costs. Once the Gramm-Leach-Bliley Act (GLBA) was enacted in 1999, such choices were no longer an option. Available online are several cases of documented abuse of customer trust that predate GLBA. On http://epic.org/privacy/glba  are cases such as a bank that sold a list of its customers’ credit card numbers to an adult Web site, which fraudulently invoiced the bank’s clients for online “services they did not request.”  Those invoiced included customers with no online access.  In another case, a bank shared customer information with a subsidiary. The subsidiary preyed on low-risk customers to purchase high-risk investments, resulting in massive losses. Still, other cases describe banks sharing customer information with telemarketing firms.
Once GLBA was enacted, including Title V detailing the protection of financial information, banks have since faced strict limitations on information sharing without the customer’s knowledge and consent. Protecting nonpublic information is a requirement of GLBA compliance. In this homework assignment, you will identify the Gramm-Leach-Bliley Act (GLBA) requirements for implementing the administrative, technical, and physical controls necessary to protect nonpublic personal information; you will define what financial information and personal information are impacted by the Privacy and Safeguards rules of GLBA; you will assess the requirements for handling nonpublic personal information and comprehend the GLBA guidelines regarding the proper security for this data; and you will investigate how GLBA has impacted controls to protect nonpublic personal information and financial information.

Learning Objectives 
Upon completing this homework assignment, you will be able to:
  • Identify the Gramm-Leach-Bliley Act (GLBA) requirements for implementing the administrative, technical, and physical controls necessary to protect nonpublic personal information.
  • Define what financial information and personal information are impacted by the Privacy and Safeguards Rules of the GLBA.
  • Determine the requirements for handling nonpublic personal information and understand the GLBA guidelines on how to properly secure this data.
  • Investigate how GLBA has impacted security controls for protecting nonpublic personal information and financial information.
  • Draft an executive summary that defines a process for obtaining and addressing GLBA compliance information for a financial organization’s audit.
Hands-On Steps
  1. On your local computer, open a new Internet browser window.
  2. In the address box of your Internet browser, type the URL http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act and press Enter to open a Wikipedia summary of GLBA.
GLBA’s Scope: It’s critical to understand GLBA’s reach. The rules and protections granted to the individual by GLBA define the auditor’s scope. Only by understanding the GLBA can the auditor align the audit goals and objectives within a defined scope.
  1. Review the GLBA using Wikipedia’s summary. For each of the following areas—many listed in Wikipedia’s outline—note the most relevant information in your homework assignment file:
    1. Legislative history
    2. Changes caused by the act
    3. Remaining restrictions
    4. Financial Privacy Rule
      1. Financial institutions defined
      2. Consumer vs. customer defined
      3. Consumer/client privacy rights
    5. Safeguards Rule
    6. Pretexting protection
    7. Information Security Safeguards, including Guidelines for Providing Secure Data Transmission and Guidelines for Secure Disposal of Customer Information
  2. Using your favorite search engine, search for more information on financial activities that are covered by the GLBA.
When GLBA Applies: In the most general sense, if the financial activity is between any individual and a financial institution (such as a bank, brokerage house, or any company that offers a financial service or product), then GLBA applies.
  1. Using your favorite search engine, search for more information on how to handle nonpublic personal information (NPI) and the GLBA guidelines regarding the proper security for this data. Examples of NPI include:
    • Social Security number (SSN)
    • Financial account numbers
    • Credit card numbers
    • Date of birth
    • Name, address, and phone numbers, when collected with financial data
    • Details of any financial transactions
    • Security awareness training
  2. Using your favorite search engine, search for more information on the enforcement of the GLBA, including:
    • The Federal Trade Commission (FTC) may bring an administrative enforcement action against any financial institution for noncompliance with the Safeguards Rule.
    • Penalties for violating the Safeguards Rule would likely include equitable damages caused by a loss of privacy, for example, a breach of security resulting in an
An Audit’s Key Points: When auditing an organization, remember that an audit means you’re checking compliance against a known, expected environment. Therefore, at the bare minimum, the auditor should review the organization’s written policies. Other key elements for the auditor to review include system documentation, procedures, vendor agreements, and network documentation. If any prior audits were performed, those reports would be very helpful. In short, any documentation to better understand the organization and how it conducts business is helpful to the auditor.
Overview
In this homework assignment, you identified the Gramm-Leach-Bliley Act (GLBA) requirements for implementing the administrative, technical, and physical controls necessary to protect nonpublic personal information; you defined what financial information and personal information are impacted by the Privacy and Safeguards rules of GLBA; you assessed the requirements for handling nonpublic personal information and comprehended the GLBA guidelines regarding the proper security for this data; and you investigated how GLBA has impacted controls to protect nonpublic personal information and financial information.
Please answer the following questions:
  1. GLBA repealed parts of an act. Name the act and explain why it was significant for financial institutions and insurance companies.
  2. What is another name for obtaining information under false pretenses, and what does that have to do with GLBA? What is an example of a safeguard pertinent to this requirement?
  3. How does GLBA impact information systems security and the need for information systems security practitioners and professionals?
  4. If your organization is a financial institution or insurance company that is also publicly traded, what other compliance laws must you comply with?
  5. Which one of these things does GLBA not require financial institutions to do?
    1. The law requires these institutions to explain how they use and share your personal information.
    2. The law requires financial institutions to provide customers with their internal security policy.
    3. The law also allows you to stop or “opt out” of certain information sharing.
    4. The law requires that financial institutions describe how they will protect the confidentiality and security of your information.
  6. Which U.S. government organization is responsible for enforcing GLBA?
  7. For each of the seven domains of a typical IT infrastructure, what process or procedures would you perform to obtain information about security controls and safeguards?
  8. How can a data classification standard be used within a GLBA security plan for GLBA compliance?
  9. What are some examples of safeguards throughout the seven domains of a typical IT infrastructure that can be considered part of GLBA compliance?
  10. If a bank or insurance company accepts credit card payments, what other standard must this organization comply with? What must an organization do to be compliant?
  11. True or false: Banks that perform credit card transaction processing must be PCI DSS-compliant.
  12. True or false: GLBA provides consumers with a false sense of security.
  13. What is one strategy for communicating pretexting and social engineering to employees and consumers?
  14. True or false: GLBA allows insurance companies to become banks, and banks to become insurance companies. Now, a complete portfolio of financial and insurance products and services is provided to customers.
  15. PCI DSS v2.0 requires organizations to have annual security awareness training for all employees and authorized users of the organization’s IT infrastructure. Why is this an important compliance requirement?