By Raffi Jamgotchian, President/CTO of Triada Networks, ASCII member since 2008
Most IT organizations (both in house and outsourced) that support financial services businesses tend to look to regulations as their rulebook to ensure security and keep the auditors off their backs. However, I take a different approach. Not only should the IT organization support the institution’s fiduciary responsibilities but also assist with keeping the company’s name out of negative press due to a breach or data leakage.
Compliance Does Not Equal Security
Keeping compliant to the alphabet soup of regulations will keep regulators happy, but it doesn’t protect you from a determined attacker. As the outsourced firm supporting financial services clients, it’s your job to keep their business as safeguarded as possible using a holistic approach and staying nimble enough to evolve with the threat of the landscape. Regulations don’t keep up with current trends or technology, so it is up to you to do so.
Don’t get me wrong, getting compliant and staying compliant is important and shouldn’t be overlooked, but a comprehensive security plan that is documented, followed, and articulated will not only bring you compliance, but provide you the framework to respond to growing threats. The following basics will not only help improve a company’s security posture, but they will help them come into compliance as well.
Please log in or register below to read the full article.