Seeking input on its proposed amendments to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, the Federal Trade Commission (FTC) conducted a virtual workshop that examined some of the issues raised in response to those amendments. The Safeguards Rule requires financial institutions to develop, implement, and maintain a comprehensive information security program.
GLBA’s Safeguards Rule provided general instructions for applying safeguards; information security controls are to be “reasonable” and should somehow be associated with risk assessments that the Safeguards Rule also requires.
The panel included cybersecurity experts, who offered insight into security approaches and implementation considerations.
A key topic of the panel was risk assessments. Information security programs should be built on a risk assessment, which provides an evaluation of the likelihood and magnitude of possible harm.
https://www.ftc.gov/