Financial Services, Privacy and Compliance
Basel II, Identity Theft Prevention, Sarbanes-Oxley, and Other Financial Compliance Mandates - In 2008, all U.S. Financial Institutions will be Required to Implement an Identity Theft Prevention Program
IAM enterprise strategies are being widely adopted as a way to create a more reliable and cost-effective security infrastructure driven by economic and compliance considerations
By Sally Hudson, IDC
(26.03.08) - In the wake of recent financial scandals, governments and agencies worldwide have been working to establish and strengthen regulations aimed at protecting both financial institutions and their customers from data, information, and privacy misuse. Some of the more well-known regulations include the Sarbanes-Oxley Act of 2002 (which requires public companies to validate the accuracy and integrity of their financial management), Basel II, and the Identity Theft Prevention Program. Basel II, called "the New Accord" or the International Convergence of Capital Measurements and Capital Standards: A Revised Framework, is the second Basel Accord and represents recommendations from the Basel Committee on Banking Supervision (BCBS). It was created to promote greater consistency in the ways banks and banking regulators approach risk management across national borders.
Lesen Sie weiter:
Das komplette White Paper als kostenloses pdf-Dokument [100 KB]
The Basel II framework describes a more comprehensive measure and minimum standard for capital adequacy, is intended to encourage a more forward-looking approach to capital supervision, and encourages banks to identify the risks they may face, today and in the future, and to develop or improve their ability to manage those risks. In 2008, all U.S. financial institutions will be required to implement an Identity Theft Prevention Program.
Under these new rules, which took effect January 1, 2008, each financial institution's Identity Theft Prevention Program must include reasonable policies and procedures for detecting, preventing, and mitigating identity theft. These policies and procedures must enable the financial institution to identify relevant patterns, practices, and specific forms of activity that are "red flags" signaling possible identity theft and incorporate those red flags into the institution's program. Deadline for compliance is November 1, 2008.
IDC believes that much of financial services compliance can be achieved through a strong identity and security management (ISM) implementation, which would include identity and access management (IAM) products, coupled with security information and event management (SIEM) software, as well as security and vulnerability management products. An especially important feature of these scenarios is the ability to automate functions and report and remediate within a real-time environment.
IAM enterprise strategies are being widely adopted as a way to create a more reliable and cost-effective security infrastructure driven by economic and compliance considerations. IAM automates and simplifies the process of enabling access to trusted network resources, activating and deactivating (provisioning) of accounts, and creating and managing access rights policies, cards, and other privileges from across the enterprise.
Effective roles definition and management are key to achieving compliance with financial regulations. Roles are groups of tasks that can be assigned to an individual, a group, or an organization and that can be defined functionally (i.e., who does what within a business context) or structurally as related to IT processes such as application and resource access.
SIEM solutions include software designed to aggregate data from multiple sources to identify patterns of events that might signify attacks, intrusions, misuse, or failure. Event correlation simplifies and speeds the monitoring of network events by consolidating alerts and error logs into a short, easy-to-understand package. SIEM also includes activities that collect and disseminate threat intelligence, provide early warning threat services, and can provide information on countermeasures.
Novell ISM Software Solutions
Novell Inc., based in Waltham, Massachusetts, has consistently been a leader in the IAM market space. The company is one of a small number of vendors in the market today offering a full and comprehensive suite of compliance and security software designed to help customers solve the issues faced when meeting Basel II, Identity Theft Prevention, Sarbanes-Oxley, and other financial compliance mandates. Novell's wide range of IAM, SIEM, and security management products can be effectively integrated to create solutions to solve security-related problems.
These solutions offer effective and secure user access, provisioning, secure single sign-on, and automated event monitoring coupled with the appropriate systems management capabilities. By viewing these solution combinations in context of the business problems they are solving, companies realize that this approach can be very effective in meeting regulatory compliance demands.
Lesen Sie weiter:
Das komplette White Paper als kostenloses pdf-Dokument [100 KB]
Lesen Sie auch:
Alle Beiträge zum "Statement of the Month" in der Übersicht
Lesen Sie auch:
Satter ROI gegen den Mythos "Eh-da"-Kosten
Mensch als Unsicherheitsfaktor Nummer 1
IT-Sicherheit und Compliance
Federation ist Vertrauenssache
Identity Management-Einführung
Provisioning und Identitätsmanagement
Compliance: Pflicht oder Kür für den IT-Leiter?
Compliance ist konsequent machbar
IdM mit Higgins und DIX
Veränderte Vorzeichen: Identität als Service
Access Management und Informationssicherheit
Identitätsmanagement und IT-Sicherheit
Managementsystem für Informationssicherheit
Informationssicherheit und Compliance
SOA-Governance und Identitätsmanagement
Identity Management für Web 2.0
PCI-Sicherheitsstandard erhöht Kaufspaß
Novell-Produkt-Berichte:
Provisioning-Modul für Identity Management
Die Studie "Vorteile und Herausforderungen IT-gestützter Compliance-Erfüllung" der Friedrich-Alexander- Universität Erlangen-Nürnberg, Lehrstuhl für Wirtschaftsinformatik III in Zusammenarbeit mit Novell ist hier erhältlich.
White Papers:
Financial Services, Privacy and Compliance
Payback and ROI of ISM solutions
Integration von Sicherheit- und Systemmanagement
Novell Payment Card Industry Solution
Moving from Mandate to Differentiator
Über Novell
Partner von Compliance-Magazin.de
Novell, Inc. (Nasdaq: NOVL) bietet Infrastruktur-Software für das Open Enterprise an. Novell ist eines der führenden Unternehmen bei unternehmensweiten Betriebssystemen für Unternehmen auf Basis von Linux und Open Source sowie bei Sicherheits- und System Management Services, die benötigt werden, um heterogene IT-Umgebungen zu betreiben. Novell unterstützt seine Kunden dabei, Kosten, Komplexität und Risiken zu reduzieren, damit sie sich auf Innovation und Wachstum konzentrieren können.
Das Unternehmen mit Hauptsitz in Waltham, Massachussets (USA), beschäftigt weltweit rund 4.700 Mitarbeiter. Seit 1986 ist Novell durch die Novell GmbH in Düsseldorf auch auf dem deutschen Markt vertreten. Von diesem Standort aus werden Vertrieb und Marketing für Deutschland, Österreich und die Schweiz koordiniert.
Niederlassungen befinden sich in Berlin, Frankfurt, München, Nürnberg, Wien, Zürich und Genf.
(Novell: ra)
Novell GmbH
Nördlicher Zubringer 9-11
40470 Düsseldorf
Tel: +49 (0)211 - 56 31 - 0
E-Mail: marketing-services@novell.com
Lesen Sie mehr:
Identitäts-, Sicherheits- und Systemmanagement
Novell Management Services
Weitere ausführliche Informationen über Novell-Lösungen, -Produkte und -Services stehen im Internet zur Verfügung unter
www.novell.com oder www.novell.de
|
|
