Training
Security Professionals Skills Matrix - Comparison between Security Specialists, Architects and Professionals
The skill set for Security Specialists, Architects and Professionals is slightly different. Below are the typical tasks for each career path.
Typical Tasks for Security Specialists:
- Respond to security incidents
- Report on security threats, conduct investigations
- Maintain security infrastructure, including risk and vulnerability assessments
- Research trends and issues related to security threats and control technologies
Typical Tasks for Security Architects:
- Scope and manage projects involving network security resources
Gramm-Leach-Bliley Act, Protection of Customer Information Guidelines
So what are the Gramm-Leach-Bliley Act (GLBA) requirements for Protection of Customer Information? Here are simple guidelines based on Section V and the amendment of Appendix B. The act requires the institution not only to protect but also to assess and then control the IT risk.
Section V of the Gramm-Leach-Bliley Act of 1999
Governs privacy in the context of Financial Institution Safeguards.
Section 501(a): It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic information.
Section 501(b): Establish appropriate standards for the financial institutions subject to their jurisdictions relating to administrative, technical, and physical safeguards:
1. To insure the security and confidentiality of customer records and information;
2. To protect against anticipated threats or hazards to the security or integrity of such records; and
3. To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
2. Appendix B to Part 570
Outlines the Agency’s expectations for the creation, implementation, and maintenance of an information security program. This program must include administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities. The guidelines describe the oversight role of the board of directors in this process and management’s continuing duty to evaluate and report to the board on the overall status of this program.
Risk Assessment Training Framework
Download Free Risk Assessment Training Framework

Phase 1. Needs Assessment
Step 1. Characterize IT Environment