The Information Security Officer (ISO) Program is a package of services that includes what a bank needs to be GLBA compliant. The Information Security Officer Program can be customized to best fit the needs of your institution.
The Norman Group’s information security consultants have extensive experience working with both large and small financial institutions on engagements related to information security governance, cybersecurity program development, and information technology strategy.
The ISO Program is structured to ensure that best practices in information security management are established within the following four critical domains:
Information Security Program Management
- Formalize and document the duties of the Information Security Officer
- Ensure continual compliance with GLBA requirements
- Provide reports on the position of the institution with regard to information security objectives and GLBA requirements to the board of directors and other executive committees
Customer Non-Public Information Security Risk Assessments
- Review GLBA risk assessments
- Review Internet and Mobile Banking risk assessments
- Review Technology Infrastructure risk assessments
- Identify and assist in the development of risk assessments needed for successful and secure implementation of new technologies
Customer Non-Public Information Risk Mitigation and Controls
- Review privileges for all systems that contain customer non-public personal information or company sensitive information
- Review control test results including: Audit Reports, Vulnerability Assessments, Penetration Tests, and others as needed
- Assist in the development and implementation of information security training for employees and the board of directors
- Review Vendor Risk assessments
- Review Vendor Management policies
- Annual analysis and review of critical vendors
- Monitoring of critical vendors
Regardless of the level of assistance that your bank requires, The Norman Group’s information security experts are capable of providing the support needed to ensure that your organization is able to achieve its objectives and maintain compliance with GLBA requirements. To learn more about the ISO program or other information security solutions, contact us today.