By TVH Federal Credit Union
With the persistent waves of IT security breaches, and a growing list of ever more complicated government regulations aimed at protecting members’ financial information, credit unions increasingly seek more effective ways to protect their IT systems from attack, and to reach regulatory compliance.
How well does your credit union’s IT vulnerability management and compliance program stack up?
Depending on its size, and on whether it is state or federally chartered, a credit union could fall under a spate of regulations aimed at protecting member information from being breached and from the risk of identity theft. So it takes a sound security and vulnerability management program to ensure your credit union is in compliance with such stringent regulations as the Gramm-Leach-Bliley Act, the National Credit Union Administration’s (NCUA) Reg. 748, and SB 1386, which requires credit unions with members in California to notify those customers, under certain circumstances, if sensitive financial information has been breached.
While all of these regulations affect the way credit unions approach the vulnerability management of their IT systems, they’re certainly not the only concern. According to the CERT Coordination Center, an information security watch group, 3,780 new software vulnerabilities were discovered in 2004. For the first quarter of 2005 alone, 1,220 such flaws were revealed. If that trend continues, the flaws discovered this year will far exceed last year’s. It’s these flaws that make it possible for viruses and worms to infect your infrastructure, and bring system performance and worker productivity to a halt. They’re also how hackers infiltrate systems to steal sensitive information.
The best and easiest way to achieve regulatory compliance, and keep systems safe from attack, is to establish a sound vulnerability management program.
Government regulations require credit unions to create an information security program that includes not only a thorough risk assessment, but also oversight by the board of directors, procedures for improving and changing the security program and continuous status and trend reporting to management.
There are several approaches your credit union can take to meet these criteria. It could decide to outsource much of the vulnerability management and remediation process to outside consultants who would conduct ongoing vulnerability scans and risk assessments, and provide reports to your internal security administrators and senior management. But consulting fees quickly add up, and this option can prove too expensive for an ongoing compliance and vulnerability management program.
Another option would be to hire several full-time employees dedicated to managing your vulnerability management process. This team would have to review, on average, ten new software vulnerabilities every day to determine which systems are at risk and then prioritize the software patching process based on the criticality of each vulnerable system. It also would have to make sure each system was, in fact, successfully patched.
This option also is expensive, and difficult to manage without the proper vulnerability management tools in place.
There is a better way.
Innovative automated vulnerability management tools exist that are extremely accurate, up-to-date, easy to deploy, cost effective, and provide detailed, comprehensive reports tailored for security managers as well as senior management. QualysGuard, from Qualys, provides all of this, plus:
For more information on Qualys, please visit us at www.qualys.com or you can request a free trial at http://www.qualys.com/POS/confidence/form/?lsid=6488
August 8, 2005