Financial institutions are seeing a surge in attacks that could put any of them at risk for a security breach. The financial sector is one of the most frequently targeted industries in the world, resulting in massive liabilities for organizations because their customers are exposed to identity theft and fraud. No financial institution can afford to be complacent because any organization can be the victim of a security breach. Security is too important not to be given due consideration, and the threats against the financial sector look like they will only continue to escalate.
The Sarbanes-Oxley Act (SOX), a federal law enacted in 2002, was "An Act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes". All organizations, large and small, must comply. Yet SOX's computer security requirements remain vague, and auditors' evaluations continue to be subjective. SOX makes monitoring of a financial institution's 'internal controls' the personal responsibility of the CEO and CFO. What constitutes 'internal controls' is not exactly specified, but what is clear is that the corporate officers are being held personally liable for compliance. To pass a SOX audit, your company must implement security best practices for any system that touches anything and everything related to financial reporting and accounting systems. This monitoring must also be reviewed by an outside firm.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to implement a comprehensive network security program that protects the privacy of customer records. These standards are mandatory requirements, with specific information security guidelines and checklists made available to provide guidance on compliance. Institutions must employ an integrated security strategy that establishes perimeter (firewall) security and security inside the network, adopting a proactive network security risk management capability. Security detection tools (Intrusion Detection Systems) are to be considered in cases where a high degree of GLBA data exists.
CLEARNETWORK delivers comprehensive perimeter firewall security, Network Security Monitoring (NSM) services, and Email Security services, allowing your firm to concentrate on value-added functions and business processes rather than performing labor-intensive security tasks. We have delivered these integrations and services successfully to numerous clients, all of whom experience the ease of management and peace of mind knowing that their data is safe and that they are meeting and exceeding their SOX and GLBA requirements.
SEC Rule 17a-4 has been regulating the data retention practices of financial firms since the Securities Exchange Act of 1934. This long history, along with the SEC's amendments and clarifications on electronic storage, has made 17a-4 one of the clearest regulations from an IT implementation perspective. While the requirements are relatively clear, meeting them while dealing with rapidly growing email stores makes complying with 17a-4 a daunting challenge. From a legal perspective, litigation is fought on the basis of the documentary record, and the litigant best able to recreate it at the lowest cost carries a valuable advantage into any dispute. CLEARNETWORK's cloud-based email storage was offered with this in mind.
To learn more about how CLEARNETWORK's solutions can help your organization achieve success, please contact us.