SOTEC Managed Services

Regulatory Compliance IT Managed Services

Gramm-Leach-Bliley Act

Patch Assessment and Vulnerability Scanning Meet Key Security Safeguard Rules and Guidelines

The Gramm-Leach-Bliley Financial Services Modernization Act (enacted November 12, 1999) is an Act of the 106th United States Congress (1999-2001) that opened up competition among banks, securities companies and insurance companies.

Interagency Security Guidelines - Banking
12 CFR Part 30, Appendix B, Section III

Each requirement from the guidelines is listed below, followed by the corresponding SOTEC Remote Monitoring/Partner capability.

Requirement: Assess Risk - Each bank shall: "Identify foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information system."
SOTEC Remote Monitoring/Partner:
  • SOTEC Remote Monitoring proactively scans your networks, systems and apps for more than 800 different vulnerabilities and automatically prioritizes the severity of each to help identify and mitigate the biggest security risks.
  • SRM patch assessment reduces the costs of keeping your infrastructure current with Microsoft security patches by automating the identification, prioritization and mitigation of Windows security patch vulnerabilities.

Requirement: Manage and Control Risk - Each bank shall: "Regularly test the key controls, systems and procedures of the information security program... tests should be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs."
  • Access controls on customer/member information
  • Access restrictions at physical locations containing customer/member information
  • Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into customer information systems
SOTEC Remote Monitoring/Partner:
  • Vulnerability scanning
  • Patch assessment
  • Firewall monitoring
  • Real-time intrusion monitoring; monthly summaries of admin password use, including login/logout activity, failed login details, and account modifications
  • Automated security alerts, notification, and escalation capabilities
  • Time-based escalations
  • User-customizable threshold settings to control and focus alerts

Requirement: Oversee Service Providers - Each bank shall "Require its service providers by contract to implement appropriate measures to meet the objectives of these guidelines."
SOTEC Remote Monitoring/Partner:
  • Banks can direct service providers to use SOTEC Remote Monitoring to satisfy the Gramm-Leach-Bliley Act guidelines.

Requirement: Adjust the program - "Each bank shall monitor, evaluate, and adjust as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the bank's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements and changes to customer information systems."
SOTEC Remote Monitoring/Partner:
  • SOTEC Remote Monitoring helps banks react instantly to any change in security technology, new threats, and new business arrangements.

Requirement: Report to the Board - "Each bank shall report to its board or an appropriate committee of the board at least annually. This report should describe the overall status of the information security program and the bank's compliance with these Guidelines. The reports should discuss material matters related to its program, addressing issues such as: risk assessment, risk management and control decision, service provider arrangements; results of testing; security breaches or violation and management's responses; and recommendations for changes in the information security program."
SOTEC Remote Monitoring/Partner:
  • Security data revealed by SOTEC Remote Monitoring's reporting capabilities presents a comprehensive, organized snapshot of a network's security risks that is easily understood by executive-level managers.

Requirement: Implement the standards - "Each bank must implement an information security program pursuant to these guidelines by July 1, 2001." (A grandfathering of agreements with service providers expired on July 1, 2003.)
SOTEC Remote Monitoring/Partner:
  • As a Web-based service, SOTEC Remote Monitoring requires no special installation or provisioning; users get immediate compliance with these guidelines.