A Framework Approach to Developing the IT Security Management program
A strategic plan to develop an IT security management program is paramount in ensuring that the business remains safe from the actions of cybercriminals. A framework is needed to ensure that the plan is in harmony with government regulations and the business plans. The institution should collect information from security consumers (Oksendahl & Stackpole, 2010). The collected information should then be analyzed through modalities such as legal and regulatory influences, standards in the industry, customer base and the market, business and competitive intelligence, organizational culture, national and international factors, business drivers and the technology environment (Oksendahl & Stackpole, 2010). A team should be appointed to look into this mass of information and come up with an applicable IT Security Management program.
The laws and regulations that must be addressed by the IT Security Management Program
Gramm-Leach-Bliley Act
The act protects sensitive customer information held by service providers in the financial industry (Trinckes Jr, 2009).
Electronic Communications Privacy Act
This law prohibits access to electronic information by unauthorized persons, even investigators, unless permitted by the law (Trinckes Jr, 2009). Both acts are crucial to managing user information and protecting it from access by hackers and other illegal use. The firm should therefore develop a program that will ensure that users' details and transactions remain confidential unless the user consents or the state requires disclosure. The management should design the system so that employees cannot access the information unless they have the appropriate clearance. This strategy will minimize threats from unauthorized users.
International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001
The Act prevents the use of financial platforms to support the transfer of money to illegal groups (The U.S.A. Patriot Act of 2001). The organization must establish a platform that scrutinizes the source and recipient of transactions. It should also be able to retain records of such transactions for investigations when required by the law.
The Best Practices Adopted to Ensure Compliance with These Laws and Regulations
Auditing Compliance
Auditing for compliance is a significant part of checking the internal approach and its satisfaction of the laws governing financial services. The acts and the laws become the standard against which the internal activities and structures are compared to ensure that they satisfy the demands of the laws (Weiss & Solomon, 2015). Some of the internal factors include the user, workstation, LAN, LAN-WAN, remote access and system domains. The firm can hire legal experts to oversee the process, especially those specializing in IT law.
Consumer Feedback
Consumer feedback is also helpful in determining the effectiveness of the platform. Consumer satisfaction will be seen through positive feedback, while unmet regulations will be deduced from negative feedback (Gallegos, Davis & Senft, 2016). This strategy is more effective and cheaper to conduct if the platform provides users with a window to give their ratings and comments.
Recommendation to Invest and Use a Compliance Management Tool
It is important that the institution invests in a compliance management tool. Financial security on the internal platform is as serious a concern as that of money held in banks or physical cash. As such, it is important to invest in a compliance management tool to enhance security and good-faith practice in the firm.
The Enablon GRC tool is the top choice. The tool serves more than 1,000 companies globally and over one million users. Besides, it is established as a strong performer (Robb, 2018). Even if the pricing is high, the software will pay for itself. Consumers will be attracted to the platform upon discovering its compliance and its use of Enablon GRC, which is a strong compliance tool.
References
Gallegos, F., Davis, A., & Senft, S. (2016). Instructor's Guide: Information Technology Control and Audit. Taylor and Francis Group.
Oksendahl, E., & Stackpole, B. (2010). Security strategy: From requirements to reality. Auerbach Publications.
Robb, D. (2018). Top 10 Governance, Risk, and Compliance (GRC) Vendors. Retrieved from https://www.esecurityplanet.com/products/top-grc-vendors.html
Trinckes Jr, J. J. (2009). The executive MBA in information security. CRC Press.
The U.S.A. Patriot Act of 2001, Public Law 107-56.
Weiss, M., & Solomon, M. G. (2015). Auditing IT infrastructures for compliance. Jones & Bartlett Publishers.