Gramm-Leach Bliley Act (GLBA)

As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) issued the Safeguards Rule under section 501(b), requiring financial institutions under FTC jurisdiction to secure customer records and information. The three main objectives of GLBA 501(b) are to:

• Ensure the security and confidentiality of customer records and information
• Protect against any anticipated threats or hazards to the security or integrity of such records
• Protect against unauthorized access or use of such records or information which could result in substantial harm or inconvenience to any customer.

The Federal Financial Institutions Examination Council (FFIEC), comprised of examiners from many different regulatory bodies tasked with GLBA enforcement, has created an Information Security Handbook and an exhaustive set of tests to assess compliance with the Safeguards Rule, including over 20 specifically related to intrusion prevention and detection. The security process recommended by the FFIEC comprises five key areas:

• Information security risk assessment
• Information security strategy
• Implement security controls
• Security testing
• Monitoring and updating

Meeting the Compliance Challenge
Sourcefire^® is ideal for helping organizations comply with GLBA. Sourcefire is the most effective and efficient way to implement the best-practice security guidelines from the FFIEC. With Sourcefire, you can establish, enforce, monitor, and manage the security policies you need to ensure compliance and protect your organization from attack.

Sourcefire Supports FFIEC Security Best Practices
As the enterprise security system for your company, Sourcefire provides the following capabilities critical to network security best practices as described by the FFIEC, and necessary for GLBA compliance: