Protecting Personal Financial Data of US Citizens
GLBA Enables Large Financial Services Organization Mergers
The Gramm–Leach–Bliley Act (GLBA) is a modernization of certain aspects of the US financial system. It removed barriers that prevented a financial services organization from acting as a combination of an investment bank, a commercial bank, and as an insurance company.
Mandatory Personal Data Requirements
As a result of the increased risk to personal data that would be caused by resulting corporate mergers, GLBA includes three requirements for personal data protection. These three requirements, the Financial Privacy Rule, the Safeguards Rule, and the Pretexting Protection, are mandatory for all US financial institutions.
Examples of Addressed GLBA Compliance Requirements
Cygna Auditor addresses topics in the FFIEC IT Examination Handbook, which includes both Tier I and Tier II Objectives and Procedures. Note that the list below is not exhaustive, but only a sample of requirements that Cygna Auditor can address.
Objectives 2(4), 2 (6), 6 (3)
Procedures / A (Authentication and Access Controls): Authentication (2), (4), (7)
Procedures / C (Host Security): (7), (9)
Procedures / G (Application Security): (1), (3), (7)
Procedures / M (Security Monitoring): (1), (2), (5), (6), (7), (8), (9), (14), (18), (22)
Procedures / A (Authentication and Access Controls): Access Rights Administration (1), (2),(4), (5), (6), (7)
Procedures / B (Network Security): (8), (12), (19)
Procedures / D (User Equipment Security): (3), (6)
Procedures / L (Data Security): (2), (3)
Monitor Activity on Secured Systems
Cygna Auditor monitors all successful and failed data activity such as file or folder creation, access, updates, deletions, who made the changes and when they were made.
Real-Time Notification of Sensitive Changes
Cygna Auditor's built-in and custom alerting notifies you of critical changes such as membership changes to privileged groups.
Privileged Account Management
Cygna Auditor allows you to monitor all changes made by privileged accounts to ensure they adhere to regulatory and organizational policies for the protection and privacy of data as well as that they do not abuse their unrestricted access.