Information security breach - preparing for when
Posted on 04/05/2011 at 11:07 AM by The Newsroom
It would be surprising if anyone hasn't heard about Epsilon, an online marketing unit of Alliance Data Systems Corp, by now. Epsilon experienced a significant security breach on March 30, 2011. The breach occurred when customers' emails were accessed without authorization. It is reported that the Epsilon customers impacted include TiVo, Kroger, JPMorganChase, US Bank, Capital One, Citi and many others.
In this age of information technology, many experts say that it is not 'if' a security breach will happen, but 'when.' Financial institutions are not immune. In developing and reviewing information security controls, policies and processes, financial institutions have a variety of sources upon which to draw. Federal laws and regulations address security, as does regulator-issued security-related guidance. Another resource is the FFIEC IT Examination Handbook. This handbook can be found here.
Senior management in financial institutions sets the tone for the importance of, awareness of and compliance with information security. It is important for financial institutions to have written policies and governance for information security functions; develop and implement an information security strategy to mitigate risks; institute and maintain an ongoing information security risk assessment program; and put in place security controls to effectively allow and monitor access to systems.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.