GLBA consists of three primary parts;
1. The Financial Privacy Rule
2. Safeguards Rule, and
3. Pretexting provisions
These rules and provisions make up the requirements for financial institutions to (a) ensure protection of the security and confidentiality of customer's nonpublic personal information (NPI), (b) implement administrative, technical, and physical safeguards, (c) protect against anticipated threats and hazards to information security, and (d) protect against unauthorized access to or use of information. These requirements extend to an institutions business partners as well. Noncompliance can result in penalties that include criminal prosecution, monetary fines and up to 5 years in prison.
To satisfy these legal requirements, financial institutions are required to perform security risk assessments, develop and implement security solutions that effectively detect, prevent, and allow timely incident response, and to perform auditing and monitoring of their security environment. Section 501(b) of the GLBA established the high-level privacy and security requirements that financial institutions must comply with in order to protect customer information.
The collection, management, and analysis of log data are integral to meeting many GLBA requirements. The use of LogRhythm directly meets some requirements and decreases the cost of complying with others.