GLBA Enables Large Financial Services Organization Mergers
The Gramm–Leach–Bliley Act (GLBA) is a modernization of certain aspects of the US financial system. It removed barriers that prevented a financial services organization from acting as a combination of an investment bank, a commercial bank, and as an insurance company.
Mandatory Personal Data Requirements
As a result of the increased risk to personal data that would be caused by resulting corporate mergers, GLBA includes three requirements for personal data protection. These three requirements – the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Protection - are mandatory for all US financial institutions.
Monitor Activity on Systems Containing Personal Financial Data
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Monitor Relevant Group Membership
Keep access to systems containing personal financial data to a minimum with Cygna Auditor's group reports that show membership of secured system users and administrators.
Monitor Secured System Permissions
Keeping group membership current is only a partial solution; you must ensure that permissions on systems holding personal financial data stay correct. Cygna Auditor's permissions reports enable you to be sure access is only what it needs to be.
Real-Time Notification of Unusual Activity
Cygna Auditor's built-in and custom alerting notifies you of unusual activity such as scripted permission changes, or mass file updates typical of ransomware.
Examples of Addressed GLBA Compliance Requirements
Cygna Auditor addresses topics in the FFIEC IT Examination Handbook, which includes both Tier I and Tier II Objectives and Procedures. Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.
Tier I Objectives 2(4), 2 (6), 6 (3)
Tier II Procedures / A (Authentication and Access Controls): Access Rights Administration (1), (2), (4), (5), (6), (7)
Tier II Procedures / A (Authentication and Access Controls): Authentication (2), (4), (7)
Tier II Procedures / B (Network Security): (8), (12), (19)
Tier II Procedures / C (Host Security): (7), (9)
Tier II Procedures / D (User Equipment Security): (3), (6)
Tier II Procedures / G (Application Security): (1), (3), (7)
Tier II Procedures / L (Data Security): (2), (3)
Tier II Procedures / M (Security Monitoring): (1), (2), (5), (6), (7), (8), (9), (14), (18), (22)