I would appreciate any advice on where to start when developing our information security program.
Is the information we receive and the records we maintain from customers who utilize our Web site to make transactions subject to the same rules and regulations regarding disclosure and being subject to subpoenas and requests for records?
The federal banking regulators have agreed to on final Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines"). You previously wrote two articles for us on the proposed guidelines. (See <a href="gurus_technology1211.html">Part 1</a> and <a href="gurus_technology1218.html">Part 2</a>.) Were there any surprises for you in the final version of Interagency Guidelines Establishing Standards for Safeguarding Customer Information? And could you give us a quick heads-up on what the final guidelines provide?
What are the key elements of an information security program under the Guidelines?