CSIA 413
February 8, 2015
Celida M Bruss
Information policy and the protection of high-value digital assets used to be the responsibility of a select group of practitioners. However, ubiquitous information technology (IT) security policies and governance have been a long-standing part of many industries, with far more “average-consumer” impact, since the inception of the Gramm-Leach-Bliley Act of 1999 (Computer Services Inc. - GLBA Act Compliance, 2015). Most individuals who conduct business with any financial institution will notice that the institution is required by Federal law to comply with one of the federally mandated programs that insures customer deposits up to $250,000 (FDIC, 2009). In addition to this mission, the FDIC is responsible for “Examining and supervising financial institutions for safety and soundness of consumer …
The objectives of Section II, part B outline the FDIC’s intent to protect the Confidentiality, Integrity, and Availability (CIA) of customer data (FDIC, 2014). Section III covers the majority of the tasks to be performed in the implementation of the security policy. Those actions include identification of stakeholders, assessment and management of risk, due diligence in oversight (of providers and third-party personnel), monitoring, evaluating, and adjusting policy components as applicable, and reporting to an authoritative body (FDIC, 2014). Each of these actions can be found in other industry standards such as the NIST SP 800-53 Rev. 4’s Risk Management Framework Security Life Cycle and Security Control Structure (NIST, 2013, pp. 8-9). This further solidifies the ubiquity of sound security policies across multiple sectors of the United States Federal and consumer