The Gramm-Leach-Bliley Act (GLBA) requires companies collecting financial information to comply with strict guidelines concerning what they can (and can’t) do with their clients’ nonpublic financial information. In order to facilitate the IT security requirements of GLBA, the Federal Financial Institutions Examination Council (FFIEC) developed a detailed set of guidelines for examiners and organizations for assessing the security posture of an enterprise.
Published in December 2002, the Information Security Handbook provides a thorough discussion of Security Process, Risk Assessment and Security Controls Implementation. The “Security Monitoring” section sets standards for the generation and collection of audit trails and logs, which must be retained for subsequent review as well as for investigation and incident response.
Financial organizations that have to comply with privacy protection regulations such as GLBA face considerable challenges. The systems and tools that collect log data typically track actions that updated, deleted or inserted data in the system’s database, but they do not normally record actions that change no data, such as displaying a specific account, because capturing them involves significant overhead. Logging these “read” type actions is essential for protecting data privacy.
Developing such a logging mechanism in-house involves tremendous effort, since thousands of the organization’s programs need to be changed. An alternative solution that tracks access to the corporate databases is insufficient, since it typically records only “update” actions performed in the database and does not cover “read” actions. Even where “read” actions are tracked, the user-id is often not captured, because many applications connect to the database with a generic user-id shared by all end users. Another type of solution usually considered is log aggregation. It can help in meeting other regulatory requirements, but because it relies on data provided by existing application logs, which are typically insufficient, the aggregated data is insufficient as well.
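The gap described above can be made concrete with a small example. The code below is an added illustration, not Intellinx’s product or any code from the original page: it wraps a database connection so that every statement, including read-only SELECTs, is written to an audit trail carrying the end-user identity the application knows, alongside the generic service account (here the constructed name `app_svc`) that is all the database itself would ever see. Table, account and user names are constructed sample data.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample: the application connects with one generic service
# account, so database-side logging cannot tell end users apart.
DB_SERVICE_ACCOUNT = "app_svc"

class AuditedConnection:
    """Wraps a sqlite3 connection and records every statement, including
    read-only SELECTs, with the end-user identity the application knows."""

    def __init__(self, conn, audit_sink):
        self.conn = conn
        self.audit = audit_sink  # a list here; in production a write-once log

    def execute(self, end_user, sql, params=()):
        action = sql.strip().split()[0].upper()  # SELECT / UPDATE / INSERT / DELETE
        cur = self.conn.execute(sql, params)
        rows = cur.fetchall() if action == "SELECT" else []
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "db_user": DB_SERVICE_ACCOUNT,  # what the database sees
            "end_user": end_user,           # what the application knows
            "action": action,
            "statement": sql.strip(),
            "params": list(params),
            "rows_returned": len(rows),
        })
        return rows

def build_demo_db():
    # Constructed in-memory table standing in for a customer-accounts database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100.0), (2, "bob", 250.0)])
    return conn

def run_demo():
    audit = []
    db = AuditedConnection(build_demo_db(), audit)
    db.execute("teller_42", "SELECT owner, balance FROM accounts WHERE id = ?", (2,))
    db.execute("teller_42", "UPDATE accounts SET balance = balance - 10 WHERE id = ?", (2,))
    db.execute("teller_17", "SELECT owner, balance FROM accounts WHERE id = ?", (1,))
    return audit

def read_events(audit):
    """The records a privacy review cares about: which end user viewed which account."""
    return [(e["end_user"], e["params"]) for e in audit if e["action"] == "SELECT"]
```

A database-level audit of the same session would show three statements from `app_svc` and, in many configurations, only the UPDATE; the application-level trail attributes both reads to the individual tellers.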
Intellinx solves this issue by providing a detailed field-level audit trail including read-access tracking across multiple applications and platforms without changing a single line of existing code, with no need to install anything on hosts or clients and with zero overhead.