Protecting Financial Services Data and Complying with the GLBA through Penetration Testing
The Gramm-Leach-Bliley Act (GLBA) was enacted in response to the rapid increase in Internet banking and online access to account information. The law stipulates that all financial institutions establish appropriate security standards to protect customer data from internal and external threats and unauthorized access occurring through online systems and networks. In addition, the legislation requires that organizations take proactive security measures including risk assessment and auditing to secure their electronic information. Penetration testing with CORE IMPACT helps you to both secure your customer information and comply with the GLBA.
Penalties for non-compliance include fines to businesses of up to $100,000 per violation, fines for officers and directors of up to $10,000 per violation, criminal penalties of up to five years in prison, and revocation of professional licenses.
Meeting GLBA Requirements for Data Protection with CORE IMPACT
Penetration testing with CORE IMPACT assists you in complying with the three main components of GLBA Title V. Section 501 (b), which focuses on customer protections.
Securing Customer Information
"Ensure the security and confidentiality of customer records and information."
With CORE IMPACT, you methodically execute real-world networks attacks to gain information about actual, exploitable security threats. By distinguishing critical vulnerabilities from false positives, the product enables you to intelligently plan, prioritize and execute remediation efforts, and thereby provides better protection for your customers' data.
Protecting Against Threats
"Protect against any anticipated threats or hazards to the security or integrity of such records."
CORE IMPACT equips you to stay a step ahead of internal and external threats to customer data. By automating the penetration testing process, the product allows you to perform consistent, repeatable security evaluations. In addition, regular, automatic product updates help you to identify, test and remediate newly discovered vulnerabilities.
Preventing Unauthorized Access to Records
"Protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer."
Penetration testing with CORE IMPACT enables you to evaluate and optimally configure firewalls, intrusion detection and prevention systems, and other network defenses. The product generates detailed reports that assist with compliance by quantifying your testing procedures. In addition, CORE IMPACT can help you justify the need for additional information security investments.
