It Decision

Category: Business and Industry

Date Submitted: 06/06/2013 06:31 AM

Global Information Assurance Certification Paper

Copyright SANS Institute Author Retains Full Rights

This paper is taken from the GIAC directory of certified professionals. Reposting is not permitted without express written permission.

Option 2 – Case Study in Information Security: Securing the Network & Business Processes of a Small Financial Services Company Within the Guidelines of the Gramm-Leach-Bliley Act of 1999

Timothy Pendergrass

December 6, 2002

Track 1 - GIAC Security Essentials (GSEC)

GSEC Practical Requirements (v.1.4b) (August 2002) – Option 2 Case Study in Information Security

Summary

I was contracted by a small personal financial services company to perform a business security assessment under the guidelines of the Gramm-Leach-Bliley Act of 1999 (GLBA). Since the basis of this project was security, the confidentiality of the Client is required. The Client wanted to develop an understanding of their security posture in context of the requirements of the GLBA. They wanted recommendations and guidelines on establishing a compliant security policy, with a definition of the necessary infrastructure, procedures, and protection technologies for securing their business processes and information system under the subject regulations.

While the Client Organization was initially determined not to be in compliance with Federal regulations set forth in the GLBA, some stopgap measures were quickly put in place to reduce their security risk until a more secure and scalable solution could be developed. This paper provides a description of the short-term measures that were put into place, as well as a longer term, more scalable solution consistent with the Client’s business processes and strategic plans.

Introduction

I was...