Compliance
SDLC (Software Development Lifecycle) Security Control
What are the key security controls you need to be aware of during the SDLC process? The list is below:
1. Risk Assessment
Risk assessment will be specific and detailed, since the project participants will have actual specifications for the hardware and software that will be used to implement the system.
2. Functional Requirements Analysis
Ensure that project participants review the system's functional requirements to help determine the security requirements necessary for successful implementation.
3. Assurance Requirements Analysis
Determine what development work and assurance evidence are necessary to establish confidence that the security will work correctly and effectively.
PCI DSS Cardholder Data Environment Risk
The PCI DSS (Payment Card Industry - Data Security Standard) cardholder data environment has an aggregated risk based on the subrisk categories of reputation, financial, compliance, and operational.
Reputation Risk
- Risk that PCI DSS non-compliance poses to your institution's brand
Financial Risk
- Risk of the fines from specific credit card issuers (i.e., Visa, MasterCard, and American Express)
- Litigation costs associated with security breach
- Merchant banks will receive fines as a result of a security breach.
Compliance Risk
- Risk of non-compliance with PCI DSS
- The fines from specific credit card issuers (i.e., Visa, MasterCard, and American Express)
How to secure a board of director room
A board of directors' room should be a highly secured and controlled environment, because all the confidential information is located in this room. Yet as many of you know, for the BOD security is not as important as the other business problems and considerations they have to decide on every day.
Some of the technical controls that can be implemented to secure access control for the board of directors are explained below:
Internet Banking Risk Category, Area of Concern and Related Control
I. STRATEGIC
Business Case
1. Strategic Technology Planning
2. Establish Goals and Monitor Performance
3. Conduct Research and Consult with Experts
Internal/External Resources
1. Provide Adequate Training
2. Provide Adequate Support Staff
3. Administration of Software Updates
4. Insurance Coverage (e.g., Fidelity Bond)
Outsourcing Arrangements
1. Perform Due Diligence on Vendors
2. Audit Performance
3. Back-up Arrangements
GLBA Annual Summary Report Template
Download Free GLBA (Gramm–Leach–Bliley Act) Annual Summary Report Template

SAMPLE ANNUAL REPORT ON THE STATUS OF THE INFORMATION SECURITY PROGRAM
From: Information Security Officer
To: Board of Directors
Subject: Information Security Program Summary Report