GLBA Compliance Without the Headache

Question: 
A big part of our IT Security budget is spent on GLBA compliance. Are we doing something wrong?
Answer: 

GLBA compliance can become a headache only if you don't get it right the first time. While regulators may give you more time to make corrections, the cost of going back and doing the same things a second time can unnecessarily use up constrained budget resources. As an overview, here is what GLBA requires:

  • Implementing and maintaining a comprehensive and ongoing information security program.
  • Assessing and evaluating threats and associated risks with the help of comprehensive risk assessments.
  • Implementing controls that are commensurate with the associated risk identified in the risk assessment process.
  • Implementing pretexting protection, which includes safeguards against social engineering attacks, in the form of evaluations, audits and employee training.
  • Oversight of service providers.
  • Board of Directors involvement and approval, supported by annual reporting.
First published on BankersOnline.com 3/16/09