
How Consumer Financial Services Can Meet Compliance Requirements

Posted by Security Steve on Apr 21, 2016


Banks, credit unions, and other financial institutions face major challenges when protecting financial data in today’s threat landscape. In addition to protecting consumer data and financial records, IT security teams also deal with auditing mandates for GLBA, FFIEC, SOX, PCI, and a patchwork of federal, state, and other industry regulations. In 2014, the Federal Financial Institutions Examination Council announced a new effort focusing on cyber security, including an audit of an organization’s ability to manage cyber security and mitigate cyber risk. The task of monitoring thousands of network and system events can seem overwhelming. EiQ’s SOCVue® hybrid SaaS security services help overcome these challenges by providing the right people, process, and technology in order to deliver increased security visibility and guidance to effectively reduce cyber risks and meet compliance requirements.

How SOCVue Helps Meet Specific Compliance Requirements

Control Objectives for Information Technology (COBIT)

COBIT is a framework created by ISACA that allows IT managers to bridge the gap between control requirements, technical issues, and business risks. By aligning business practices with the COBIT framework, organizations are able to clarify their security posture and reduce potential risk.

 

EiQ’s SOCVue Security Monitoring service delivers 24x7x365 security monitoring and reporting that helps organizations address the security monitoring requirements in the COBIT 5 framework. As part of the service, EiQ’s SOC team will proactively assess network security controls to reduce your compliance risk. The security controls are directly mapped to relevant sections of COBIT 5. In addition, EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address the APO13 and DSS05 sections of COBIT 5.

 

Federal Financial Institutions Examination Council (FFIEC)

EiQ’s SOCVue Security Monitoring service helps organizations address FFIEC by providing 24x7x365 security monitoring and proactive security controls assessment. As part of the service, EiQ’s SOC team will proactively assess network security controls to reduce your compliance risk. The security controls are directly mapped to relevant sections of the FFIEC Handbook. In addition, EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address FFIEC Host Security and User Equipment Security requirements. Our SOC analysts will also work with your organization to enable reporting that meets your compliance objectives.

Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions to develop a written information security plan detailing how the company is safeguarding non-public personal information of its clients. EiQ’s SOCVue Security Monitoring service helps organizations address GLBA by providing 24x7x365 security monitoring. As part of the service, EiQ’s SOC team will proactively assess network security controls to reduce your compliance risk. The security controls are directly mapped to relevant sections of GLBA. In addition, EiQ offers the SOCVue Vulnerability Management service, which provides vulnerability detection and remediation guidance designed to help address GLBA Host Security and User Equipment Security requirements.

 

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard is an industry-established standard that requires organizations that handle transactions from major credit card companies to protect payment card data. EiQ’s SOCVue Security Monitoring service helps organizations address PCI DSS Requirement 10 by providing 24x7x365 security monitoring and auditing for systems that are associated with payment card data. As part of the service, EiQ’s SOC team will proactively assess network security controls to reduce your compliance risk. The security controls are directly mapped to relevant sections of PCI DSS 3.1. In addition, EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address PCI DSS Requirements 2, 6, and 11.

 

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 formalized requirements for public companies to keep and report accurate financial records. EiQ’s SOCVue Security Monitoring service helps organizations address SOX by providing 24x7x365 monitoring and reporting on systems that are associated with financial reporting. Because SOX does not specify the exact technical controls to implement, many organizations use the COBIT framework as a guide for SOX controls. As part of the service, EiQ’s SOC team will proactively assess network security controls to reduce your compliance risk. The security controls are directly mapped to relevant sections of COBIT 5.

 

Would you like to learn more? Download EiQ’s new whitepaper, entitled “Credit Unions: Secure Your Data and Meet Compliance Regulations.”

 

Tags: COBIT, Compliance, Cybersecurity, InfoSec, PCI DSS, SOX, GLBA, FFIEC, Financial Services
