Gramm-Leach-Bliley Act compliance solution

Our Gramm-Leach-Bliley Act compliance solution helps your financial institution achieve security best practices.

Our expert security consultants help identify and analyze gaps in your current security state compared to requirements for security best practices.



Service detail

Service details

Safeguarding the confidentiality and integrity of customer information is no longer just a best practice for financial institutions; it's now a legal requirement.

The Gramm-Leach-Bliley Act mandates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access occurring through online systems and networks. This level of security is mandatory to ensure companies maintain data integrity and privacy standards for employees and customers that have provided personal information.Some key elements of this act include:

IBM Security Services security experts are prepared to help.

As one of the world leaders in products and services that protect online assets, IBM Security Services has demonstrated continued success helping public organizations quickly and simply achieve security best practices that meet the requirements of the Gramm-Leach-Bliley Act.

Our approach to security best practices

In order to streamline security and help achieve security best practices for the Gramm-Leach-Bliley Act, we leverage a five-step process that identifies and analyzes gaps in the current security state compared to requirements for security best practices. We then design and help implement solutions to close those gaps and ensure ongoing conformity.

Once again, the first step to understand your existing compliance posture is to engage IBM Security Services to conduct an assessment, which we call a Security Health Check. The purpose of this assessment is to accurately identify your current compliance posture to your desired compliance posture. Depending on the gaps uncovered, IBM security consultants will provide a variety of recommendations to meet or exceed the deficient controls. If you are already aware of some of your gaps, the following table provides an insight into some of the products and services that IBM might recommend to aid you in achieving your desired level of compliance.

Section Summary IBM Security Solutions
Security Process Implement an ongoing security process and institute appropriate governance for the security function, assigning clear and appropriate roles and responsibilities to the board of directors, management and employees.
Information Security Risk Assessment Maintain an ongoing information security risk assessment program that considers assets, data, and threats to prioritize risk.
Information Security Strategy Develop a strategy that defines control objectives and establishes an implementation plan. The security strategy should include controls, processes and policies.

Security Controls Implementation

Establish security controls to:

Security Monitoring Financial institutions should gain reasonable assurance of the adequacy of their risk mitigation strategy and implementation by monitoring network and host activity to identify policy violations, anomalous behavior, unauthorized configuration and other conditions which increase the risk of intrusion or other security events. They should also analyze the results of monitoring to accurately and quickly identify, classify, escalate, report, and guide responses to security events; and responding to intrusions and other security events and weaknesses.
Security Process Monitoring and Updating Financial institutions should continuously gather and analyze information regarding new threats and vulnerabilities, actual attacks on the institution or others, and the effectiveness of the existing security controls. They should then use that information to update the risk assessment, strategy, and implemented controls.

Related resources

Find studies, papers and briefs on this topic

NOTE: JavaScript is disabled in your browser. SSI information is only available when JavaScript is enabled.