Big banks are confronting technology service providers to learn how their customers’ sensitive data is being protected from security breaches. The Wall Street Journal on Feb. 1 reported that Wells Fargo, Bank of New York, Bank of America, Citigroup, J.P. Morgan Chase and U.S. Bancorp, backed by major accounting firms and a financial services industry group, are adopting common guidelines to which suppliers will be required to adhere. The program, called the Financial Institution Shared Assessments Program, aims to do away with what is now a considerable amount of wasted resources on the part of financial institutions as they call on service providers for information needed to appease auditors.<\/p>\n","protected":false},"excerpt":{"rendered":"
“Third-party providers are providing some information, but financial institutions are using their own resources to continue” seeking additional information on a broad array of security details, according to Faith Boettger, a senior consultant to BITS, the industry group behind the project.<\/p>\n
The effort is aimed at making it easier on both sides: for the financial institutions that need the information, and for the service providers that are getting deluged with invariably disparate and often redundant requests. The new policy won’t just touch on what level of encryption providers put on data or what security protects databases that contain customer information, although those are two of the granular details it will touch on. The group is putting together a standardized questionnaire that will touch on service providers’ security policy, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, system development and maintenance, business continuity and regulatory issues. <\/p>\n
Priscilla Rabbayres, a global regulatory executive in the financial services sector for IBM, told eWEEK that IBM considers the financial institutions’ efforts to be of “enormous importance,” particularly given the times. “If we look back even a year ago, this was an important issue, but it really came to life with the California legislation of 2003 [that required enterprises to inform customers of security breaches],” she said. “One service provider may look at one standard, another at another aspect,” she said.<\/p>\n
http:\/\/www.eweek.com\/article2\/0,1759,1917900,00.asp?kc=EWRSS03119TX1K0000594<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-338","post","type-post","status-publish","format-standard","hentry","category-financial"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=338"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/338\/revisions"}],"predecessor-version":[{"id":2825,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/338\/revisions\/2825"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}