Finance Questions
1. GLBA repealed parts of an act. Name the act and explain why that was significant for financial institutions and insurance companies. The Glass-Steagall Act of 1933. The repealed provisions had kept commercial banking separate from securities and insurance activities; after GLBA, banks, securities firms and insurance companies could affiliate or merge and offer customers a combined portfolio of financial products.
2. What is another name for obtaining information under false pretenses and what does that have to do with GLBA? What is an example of a safeguard pertinent to this requirement? Pretexting. GLBA prohibits obtaining a customer's financial information from a financial institution under false pretenses, and its privacy provisions give consumers limited protection (an opt-out right) against the sharing of their nonpublic personal information with third parties. Organizations covered by GLBA must put safeguards in place against pretexting. An example is training employees to recognize pretexting inquiries and to verify a requester's identity through an approved procedure before releasing any customer information.
3. How does GLBA impact information systems security and the need for information systems security practitioners and professionals? GLBA's Safeguards Rule requires covered institutions to maintain a written information security program that protects customer information, which creates mandated employee training and a standing need for security practitioners. Security professionals develop the written policies and procedures, perform the risk assessments, select and test the controls, and oversee the service providers that the rule requires.
4. If your organization is a financial institution or insurance company that is also publicly traded, what other compliance law must you comply with? The Sarbanes-Oxley Act (SOX), which applies to publicly traded companies. (The Federal Information Security Management Act applies to federal agencies and their contractors, not to a company simply because it is publicly traded.)
5. Which one of these things does GLBA not require financial institutions to do? (The answer choices are not reproduced here.) b. Providing customers with the institution's internal security policy. GLBA requires a privacy notice describing information-sharing practices and a written security program, but the security policy itself is an internal document and is not disclosed to customers.
6. Which U.S. government organization is responsible for enforcing GLBA? Enforcement is shared among several agencies according to the type of institution: the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS; abolished in 2011, with its functions transferred mainly to the OCC), the Securities and Exchange Commission (SEC), and the Federal Trade Commission (FTC), which covers financial institutions that have no other federal regulator. The National Credit Union Administration covers credit unions, and state insurance authorities enforce GLBA for insurers.
7. For each of the seven domains of a typical IT infrastructure, what process or procedures would you perform to obtain information about security controls and safeguards? The seven domains are User, Workstation, LAN, LAN-to-WAN, WAN, Remote Access, and System/Application. For each domain, review the security policy framework (policies, standards, procedures and guidelines) that applies to it, then verify that the controls it calls for are actually in place: interview the responsible staff, inspect configurations and access control lists, review logs and change records, and run vulnerability scans where appropriate. The controls in each domain are assessed against the CIA triad (confidentiality, integrity, availability).
8. How can a data classification standard be used within a GLBA security plan for GLBA compliance? A data classification standard identifies which information must be protected and at what level, based on its sensitivity and the risk if it is disclosed or altered. Categories might include public, limited access and restricted access; customer nonpublic personal information covered by GLBA falls in the restricted category, and the security plan then ties specific safeguards (access controls, encryption, retention and disposal rules) to each category.
9. What are some examples of safeguards throughout the seven domains of a typical IT infrastructure that can be considered part of GLBA compliance? Administrative safeguards: training employees on security procedures and limiting access to customer information on a need-to-know basis (User Domain). Physical safeguards: locked server rooms, badge-controlled access to workstations and network equipment, and secure disposal of paper records (Workstation and LAN Domains). Technical safeguards: encrypting customer nonpublic personal information (NPI, the GLBA term; ePHI is the HIPAA term) in storage and in transit, enforcing strong passwords that expire every 180 days, and anti-virus software that updates automatically (Workstation, LAN-to-WAN, Remote Access and System/Application Domains). Encryption and password controls are technical safeguards, not physical ones.
10. If a bank or insurance company accepts credit card payments, what other standard must this organization comply with? What must an organization do to be compliant? PCI DSS (the Payment Card Industry Data Security Standard). To become and remain compliant, the organization follows the PCI Security Standards Council's three-step process: Assess – identify where cardholder data is stored, processed and transmitted, inventory the IT assets and business processes involved in payment card processing, and analyze them for vulnerabilities; Remediate – fix the vulnerabilities found and stop storing cardholder data that is not needed; Report – compile and submit the required validation reports (a self-assessment questionnaire or a Report on Compliance, plus external vulnerability scan results where applicable) to the acquiring bank and card brands.
11. True or false: Banks that perform credit card transaction processing must be PCI DSS-compliant. True
12. True or false: GLBA provides consumers with a false sense of security. True
13. What is one strategy for communicating pretexting and social engineering to employees and consumers? Training is the primary strategy; nothing replaces it for helping people recognize pretexting. Training should be kept as simple and efficient as possible: short, concrete examples of the requests a pretexter makes (an urgent caller asking for account details, someone claiming to be from IT or a regulator) and a clear verification procedure to follow before any information is released.
14. True or false: GLBA allows insurance companies to become banks and banks to become insurance companies, so that a complete portfolio of financial and insurance products and services is provided to customers. False. GLBA allows banks, securities firms and insurance companies to affiliate under a single financial holding company and offer a combined portfolio; it does not turn one type of institution into the other.
15. PCI DSS v2.0 (Requirement 12.6) requires a formal security awareness program that trains all employees and authorized users of the organization's IT infrastructure upon hire and at least annually. Why is this an important compliance requirement? Many cardholder-data breaches involve a human step, such as a phished password or mishandled data, so annual training keeps users aware of current procedures and threats, reduces the risk of data loss and improves overall security.