There has been a large number of data security breaches recently involving financial institutions. Here is a write-up by Inno Eroraha on the response to a breach.

From SC Magazine:

Financial institutions are heavily regulated. They are required to implement security programs following regulations such as SOX, GLBA, SEC, NASD, etc. In fact, most of these organizations are required to execute an annual security assessment as a key compliance measure. Because an annual assessment may not discover all vulnerabilities, these organizations should be prepared to deal with security incidents involving physical facilities, network infrastructures, systems, applications, and most importantly, data.

Obviously, an entity that has no proactive mechanism to detect data, information, or system compromise wastes enormous amounts of time and money addressing an actual compromise without a response plan. To be able to deal with computer or IT-related compromises, certain measures should be implemented by the institution. The following outlines example precautionary steps recommended for a bank, but some of the measures are valid for any institution.

Preparing for the inevitable
A banking institution must involve all of its resources in its security operation, including people, process and technology. Consider the following:

For the full piece, read on.

Article Link
