Financial Services
Regulations and audits are a way of life for security officers in the financial services industry. For example, the Gramm-Leach-Bliley Act (GLBA) requires banks and financial institutions to implement comprehensive written information security policies to safeguard customer data. Likewise, the Sarbanes-Oxley Act of 2002 requires all publicly held companies to establish and maintain internal controls over their financial reporting systems and ensure their effectiveness. At NetIQ, we develop easy-to-use, modularly integrated security management solutions that assist customers with regulatory and policy compliance while enabling these organizations to secure their IT assets and manage risk.
Business Problem
Financial institutions are grappling with internal, external and regulatory (OCC, FDIC, SEC, etc.) audits on a continuous basis. In addition, the rate of new regulatory issues has increased dramatically since 2000. To meet audit and regulatory requirements, financial services providers must protect customer information against threats to security, confidentiality and integrity. Key hurdles to overcome include:
- Audits that now involve privacy issues and network security concerns
- Requirements that must address security policy at all levels: creation, communication, implementation, enforcement and improvement
- Demonstration of compliance performance and adherence to internal security controls
- Enforcement of separation of duties and security incident response measures
The NetIQ Solution
NetIQ solutions for Performance & Availability, Security Management and Windows Administration assist you in demonstrating compliance with financial services regulations, security policies, guidelines and best practices. NetIQ has a variety of products for assuring compliance, including systems monitoring, IT system access control and segregation of IT personnel duties. NetIQ solutions also provide auditing and reporting on IT security policy assessment and monitoring systems to detect attacks and intrusions.
Key Features
In helping financial organizations assure compliance, secure assets and manage risk, NetIQ products can:
- Develop policies quickly and easily throughout the enterprise, including policies for security configuration, education and awareness. With NetIQ VigilEnt Policy Center, stakeholders can easily create, review and approve policies online to expedite consensus and reduce time and effort.
- Check for policy compliance, security vulnerabilities and patches across all your systems on an automated schedule. With NetIQ Secure Configuration Manager, you automatically receive information on the latest vulnerabilities, exploits, patches and policy best practices so you can immediately identify and correct any issues. By deploying the NetIQ Risk and Compliance solution, companies can map security assessment results to specific standards to present compliance metrics for different control areas. Managers can render charts and graphs based on regulatory requirements from Sarbanes-Oxley and GLBA.
- Protect customer information by defending against denial of service attacks, detecting when a service account is used for interactive logons, detecting rogue processes and alerting on suspicious failed logon attempts. With NetIQ Security Manager, you can also protect attacked systems from further harm by taking actions such as automatically logging off unauthorized users, shutting down rogue processes and reconfiguring firewall rules.
- Consolidate event logs in real time for investigation of security incidents and compliance with regulatory requirements. With NetIQ Security Manager, you can store event log entries from all types of systems in a centralized repository and correlate them with other types of events. This prevents intruders from covering their tracks and maintains a chain of custody for evidence purposes.
- Provide secure and automated management of your Windows environment, leading to further compliance with regulatory mandates. NetIQ Security Administration Suite helps you administer information access by managing Active Directory permissions for user accounts, groups and computer accounts, controlling file and folder permissions throughout the file system and monitoring changes to Group Policy permissions in real time.

