1. GLBA repealed parts of an act. Name the act and explain why that was important for financial institutions and insurance companies. Glass-Steagall Act. It was important for both financial institutions and insurance companies because they can now combine.
2. What is another name for obtaining information under false pretences, and what does that have to do with GLBA? What is an example of a safeguard pertinent to this requirement? Pretexting. GLBA provides limited privacy protection against the sale of private information. Organizations covered by GLBA put safeguards in place to protect against pretexting. An example would be to properly train employees to recognize pretexting inquiries.
3. How does GLBA impact information systems security and the need for information systems security practitioners and professionals? GLBA enforces standards that businesses need to comply with so that customers' information is safeguarded. This leads to mandated employee training. Also, with security professionals, businesses can develop written policies and procedures to manage and control risks.
4. If your organization is a financial institution or insurance company that is also publicly traded, what other compliance law must you comply with? Sarbanes-Oxley Act & Federal Information Security Management Act
5. Which one of these things does GLBA not require financial institutions to do? B. The law requires financial institutions to provide customers with their internal security policy.
6. Which U.S. government organization is responsible for enforcing GLBA? Federal Reserve Board, Federal Deposit Insurance Corporation, Office of Thrift Supervision, Securities and Exchange Commission, Federal Trade Commission, Office of the Comptroller of the Currency
7. For each of the seven domains of a typical IT infrastructure, what process or procedures would you perform to obtain information about security controls and safeguards? Each domain must have the CIA (confidentiality, integrity, availability) triad. Also, there must be a security policy framework in place which lists policies, standards, procedures and guidelines.
8. How can a data classification standard be used within a GLBA security program for GLBA compliance? Classification standards help protect data which needs to be protected for confidentiality or sensitivity and risk level. Classes might include public, limited access and restricted access.
9. What are some examples of safeguards throughout the seven domains of a typical IT infrastructure that can be considered part of GLBA compliance? Administrative safeguards train employees on procedures & limit access on a need-to-know basis. Physical safeguards encrypt ePHI & enforce strong passwords which change every 180 days. Technical safeguards use anti-virus software that updates automatically.
10. If a bank or insurance company accepts credit card payments, what other standard must this organization comply with? What must an organization do to be compliant? PCI DSS / Assess – identify cardholder data, inventory IT assets and business processes for payment card processing. Remediate – fix vulnerabilities. Report – compile and submit required remediation validation reports if applicable.
11. True or false: Banks that perform credit card transaction processing must be PCI DSS-compliant. True
12. True or false: GLBA provides consumers with a false sense of security. True
13. What is one strategy for communicating pretexting and social engineering to employees and consumers? Training is one strategy. Nothing can replace training to help recognize pretexting. Every effort should be made to make pretexting training as simple and efficient as possible.
14. True or false: GLBA allows insurance companies to become banks and banks to become insurance companies. Now a complete portfolio of financial and insurance products and services is provided to customers. False
15. PCI DSS v2.0 requires organizations to hold annual security awareness training for all employees and authorized users of the organization's IT infrastructure. Why is this an important compliance requirement? Compliance with annual training helps reduce the risk of data loss and improves security.