Basel II

Overview
Basel II is also called "The New Accord" or the International Convergence of Capital Measurement and Capital Standards: A Revised Framework. It is the second Basel Accord and consists of recommendations from the Basel Committee on Banking Supervision (BCBS). It was created to promote greater consistency in the way banks and banking regulators approach risk management across national borders.

About the Basel Committee on Banking Supervision (BCBS)
The Basel Committee on Banking Supervision provides a forum for regular cooperation on banking supervisory matters. Over recent years, it has developed increasingly into a standard-setting body on all aspects of banking supervision, including the Basel II Accord.

The BCBS's members come from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom, and the United States. Countries are represented by their central bank and, where the central bank does not hold it, by the authority with formal responsibility for the prudential supervision of banking business.

Key Security Requirements
Within its three “pillars” of thought—(1) Minimum Capital Requirements; (2) Supervisory Review; and (3) Market Discipline—Basel II addresses several key security requirements.

  • Internal data: According to Basel II, the tracking of internal loss event data is an essential prerequisite to the development and functioning of a credible operational risk measurement system. Internal loss data is most relevant when it is clearly linked to a bank's current business activities, technological processes, and risk management procedures. Therefore, a bank must have documented procedures for assessing the ongoing relevance of historical loss data, including the situations in which judgment overrides, scaling, or other adjustments may be used, to what extent they may be used, and who is authorized to make such decisions. (Paragraphs 670 and 671) A bank must also develop specific criteria for assigning loss data arising from an event in a centralized function (e.g. an information technology department) or an activity that spans more than one business line, as well as from related events over time. (Paragraph 673)
  • Disclosure: The Committee (BCBS) believes that providing disclosures based on this common framework is an effective means of informing the market about a bank's exposure to these risks, and that it provides a consistent and understandable disclosure framework that enhances comparability. (Paragraph 810)
  • Proprietary and confidential information: Proprietary information encompasses information (for example on products or systems) that, if shared with competitors, would render a bank's investment in these products or systems less valuable and hence would undermine its competitive position. Information about customers is often confidential, in that it is provided under the terms of a legal agreement or counterparty relationship. This affects what banks should reveal about their customer base, as well as details of their internal arrangements, for instance methodologies used, parameter estimates, data, etc. Banks should have a formal disclosure policy, approved by the board of directors, that addresses the bank's approach to determining what disclosures it will make and the internal controls over the disclosure process. In addition, banks should implement a process for assessing the appropriateness of their disclosures, including their validation and frequency. (Paragraph 819)

U.S. Rules Implementing Basel II Capital Accord
In March 2006, the Federal Reserve Board issued an interagency notice of proposed rulemaking (NPR) that would implement Basel II risk-based capital requirements in the United States for large, internationally active banking organizations within the following two years. The proposed rule would require the largest internationally active banks to enhance the measurement and management of their risks, including credit risk and operational risk. It would also require these banks to have rigorous processes for assessing overall capital adequacy in relation to their total risk profile and to publicly disclose information about their risk profile and capital adequacy. Many financial institutions are beginning to plan and implement safeguards in preparation for these emerging requirements. The Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are also considering the NPR.

Sourcefire® Provides The Most Effective Network Security Available
Sourcefire is transforming the way banking organizations and government agencies manage and minimize network security risks with its 3D Approach (Discover, Determine, Defend) to securing real networks. The Sourcefire 3D System is the first to unify IPS, NBA, NAC and vulnerability assessment technologies under the same management console. This ETM approach gives customers an efficient and effective layered security defense, protecting network assets before, during and after an attack.

Sourcefire helps financial institutions defend against security breaches and maintain compliance with Basel II and other data security requirements. In particular, Sourcefire helps financial institutions achieve control objectives outlined in ISO 17799 (since renumbered ISO/IEC 27002), an accepted control framework for Basel II compliance:

ISO 17799 Control Objective | The Sourcefire 3D Approach
7.1.1 Maintain an inventory of assets | Sourcefire 3D passive discovery provides a real-time view of what is on the network and maintains a profile of each asset, including OS, services, applications, and related vulnerability information
7.1.3 Acceptable use of assets | Network Usage Control™ (NUC) enables real-time enforcement of acceptable use policies and alerts on policy violations
10.1.2 Change management | Sourcefire RNA detects changes to assets and may be configured to automate enforcement of configuration policy and generate alerts for out-of-policy assets
10.6.1 Network controls | The 3D System provides multiple best-practice controls (IPS, NBA, NAC, and vulnerability assessment) for protecting the confidentiality, integrity and availability of information and assets
10.10 Monitoring | The Sourcefire 3D System provides centralized monitoring for security events, policy violations and anomalous activity
12.6 Technical vulnerability management | The 3D System maps host profile information against more than 12,000 known vulnerabilities, providing a real-time view of potential risks
13.1.1 Reporting of information security events | Security events and policy violations generate alerts in real time, with aggregate reports available on demand
13.2 Management of information security incidents | The 3D System can alert or automate the appropriate response to security incidents, policy violations or anomalous events according to predefined policies and procedures
Downloads

White paper: Information Security: A Foundation for Compliance