IT Examiner School

GLBA - ISP Framework

GLBA requires that financial institutions act to ensure the confidentiality, integrity and availability of customers’ “personally identifiable information” or PII.

The Financial Privacy Rule requires financial institutions to explain their information sharing practices to their customers.

The Safeguards Rule requires financial institutions to create a written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities.

GLBA & CIA TRIAD

• Confidentiality. Only authorized entities have access to the data.
• Integrity. There are no unauthorized modifications of the data.
• Availability. Authorized entities can access the data when and how they are permitted to do so.
