Project Part 2: GLBA Safeguarding Requirements

Doyin Adebowale

Missouri State University

ITC 762

Professor Kenneth Newmann

Introduction

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is United States federal legislation that requires financial institutions to explain how they handle and safeguard their customers' nonpublic personal information (Correia, 2020). To be fully GLBA compliant, an institution must tell its customers how it shares their information, give them the opportunity to opt out if they do not want their information shared with nonaffiliated third parties, and apply specific safeguards to customers' personal information under a written information security program. This report examines the university's GLBA data safeguarding requirements, why safeguards are necessary to protect student financial aid data, and how difficult each safeguard is to implement. As the CIO of Premier University, I address the following in this report:

The university's GLBA data safeguarding requirements

Premier University should understand that the act has three main components, each with its own set of requirements. The phrase "three rules" appears to have been coined to help institutions understand their obligations under the statute (Correia, 2020). Each of the three is intended to tell covered institutions:

• which kinds of data to safeguard,

• which specific measures the law expects them to take, and

• how to eliminate or reduce opportunities for unauthorized access.

Here are brief explanations of each of the GLBA's three main components:

Financial Privacy Rule: Any firm that is a "financial institution," or that receives "nonpublic personal information" (NPI) about customers from a financial institution, must follow the GLBA's Privacy Rule. Premier University, for instance, has an office that handles exactly this kind of information (Correia, 2020). The rule covers most personally identifiable information (such as name, date of birth, and Social Security number) and payment details (card and bank account numbers). It also covers any confidential information the institution obtains in the course of a transaction (a credit report, for instance). The FTC maintains a website that explains each component of the Privacy Rule.

Safeguards Rule: This rule requires those subject to the GLBA to have specific security measures in place to protect customer information (Zelesniack et al., 2021). In the rule's own wording, a covered entity's information security program consists of "the administrative, technical, or physical safeguards you use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customer information." Notable requirements include:

• employee training,

• appropriate software and information systems, and

• vulnerability testing and monitoring.

Pretexting provisions: In addition to safeguarding customer information, institutions subject to the GLBA must take steps to detect and prevent unauthorized access wherever feasible (Zelesniack et al., 2021). Pretexting is the practice of obtaining personal data under false pretenses, whether by phone, by email, or in person. The pretexting provisions are intended to reduce data loss and protect customers from such schemes.

The student financial aid office at Premier University continues to work to protect the confidentiality, security, and integrity of student and parent information connected to financial aid operations. Safeguarding this information is a shared responsibility of the Department of Education, institutions, third-party servicers, and other financial aid system partners (Zelesniack et al., 2021). To prevent breaches or exposure of sensitive information, we require all of our partners to maintain robust security standards and meet comprehensive compliance requirements.

Under its Program Participation Agreement (PPA) with the Department, each institution agrees to comply with the GLBA. Each institution and servicer must also accept the Student Aid Internet Gateway (SAIG) Enrollment Agreement. As a condition of connecting to the Department's systems, that agreement states that the institution must ensure that the confidentiality of all student financial aid applicant information is protected against access by, or disclosure to, unauthorized persons. Institutions and third-party servicers must also demonstrate administrative capability under 34 C.F.R. 668.16, which includes maintaining adequate checks and balances in their system of internal controls (Zelesniack et al., 2021). An institution or servicer that does not maintain effective internal controls over the safeguarding of student financial aid information may be found administratively incapable.

Reasons why data safeguards are important to implement to protect student

financial aid data

As noted above, every institution's PPA contains a provision requiring the university to comply with the GLBA. Financial institutions, a category that includes postsecondary institutions participating in the federal student aid programs, are obligated by the GLBA to protect the security and confidentiality of student financial aid data and records (De Groot, 2019). The GLBA requires institutions to:

• develop, implement, and maintain a written information security program,

• designate the employee(s) responsible for coordinating the program,

• identify and assess risks to customer information,

• design and implement safeguards to control those risks, and regularly test or monitor their effectiveness,

• select service providers capable of maintaining appropriate safeguards and require them by contract to do so, and

• evaluate and adjust the program regularly.

Under these GLBA standards, university presidents and chief information officers must review and acknowledge their institution's current security posture against the GLBA requirements and take prompt action to correct any weaknesses found. Incorporating the GLBA safeguards into the annual audit guide allows auditors to verify and document an institution's GLBA compliance. As part of the yearly student aid compliance audit, the Department requires schools to produce evidence of GLBA compliance (De Groot, 2019). This helps reduce intrusions into universities' student financial aid systems.

Breaches at organizations entrusted with personal information continue to increase, reinforcing the need for the United States Government to take concerted action against cybersecurity threats and to strengthen the Department's cybersecurity posture (De Groot, 2019). GLBA compliance reduces the risk that a financial institution will face fines or negative publicity due to unlawful sharing or loss of sensitive customer data. The GLBA's Privacy and Safeguards Rules together also secure a number of privacy and security benefits for consumers, including:

• private information is protected from unauthorized access,

• consumers are informed about the sharing of their nonpublic personal information between financial institutions and other parties and given the option to opt out of such sharing, and

• attempts to access sensitive information are monitored.

Compliance with the GLBA protects student personal information, which builds and strengthens students' trust and confidence. Customers gain confidence that the institution will keep their information safe (Federal Student Aid, 2020). That trust, fostered through security and privacy protections, translates into a better reputation, stronger brand recognition, and other advantages for financial institutions.

The ease of implementation of each safeguard on a scale of easy, medium, or hard

by Premier University

Putting the GLBA requirements into practice is not easy, and mistakes are costly: compliance failures can draw heavy fines from regulators (Federal Student Aid, 2020). The following mistakes make implementation hard:

Applicability of the GLBA

One all-too-common mistake is for an institution such as Premier University to fail to comply with the GLBA because it incorrectly assumes the law does not apply to it (Kosseff, 2018). Accounting firms, for example, may mistakenly assume the GLBA applies only to large banks or private equity firms. In reality, the GLBA applies to financial institutions, and to the financial operations of other organizations, of all sizes, including sole proprietorships. Those that fail to comply risk exposing sensitive information and may be held fully accountable by the FTC.

Violating the Safeguards Rule

The Safeguards Rule requires organizations to create a written program for protecting customer information that is appropriate to the organization's size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. The written program must designate a person to coordinate the safeguards, adjust them as needed to keep pace with changes in information systems and access, and document a risk assessment for each area that handles sensitive records. An out-of-date written program that no longer reflects how the institution actually uses data can be costly (Kosseff, 2018). Needs change, and a university's program must be updated to remain fully GLBA compliant.

Risk Assessment Errors

When a university does not conduct a thorough risk assessment, its security program cannot be comprehensive. A common risk assessment error is failing to account for how data is collected, managed, and moved. A risk assessment should identify where sensitive data is collected and what controls are in place (Kosseff, 2018). Because not all customer information is equally sensitive, correctly scoping which information must be protected is itself critical.

Monitoring of Vendors

Because many universities rely on third-party vendors, vendor management is a major concern for GLBA compliance. An institution cannot directly make a vendor subject to the GLBA, but the Safeguards Rule requires it to select providers capable of maintaining appropriate safeguards and to require those safeguards by contract (De Groot, 2019). Such contract terms also let the institution exit a poor agreement in favor of a vendor that meets the requirements if necessary.

Copiers and printers that aren't password-protected

Copiers and printers can keep copies of sensitive documents on their internal storage. This means that a compromise of the printer's hard drive could expose protected customer data. Organizations must secure copier and printer storage to remain fully GLBA compliant (De Groot, 2019). To protect confidential material that is printed, scanned, or copied, require a user PIN or password at the device, encrypt its storage, and wipe or destroy the drive before the device is returned, resold, or discarded.

The GLBA Plan Doesn't Reflect Organizational Values

Some organizations have plans that look wonderful on paper but are just that: paper plans meant to impress compliance officers rather than protect customers. If an auditor digs into such a plan, they may find that it does not effectively secure customer data (Kosseff, 2018). Rather than maintaining a plan disconnected from the institution's culture and from how it actually handles customer data, invest in a program that protects its obligations, reputation, and customers. An effective GLBA program protects the institution's interests, because breaches result in a loss of trust and reputation.

Conclusion

In brief, this paper has discussed the university's GLBA data safeguarding requirements, why safeguards are necessary to protect student financial aid data, and the difficulty of implementing the GLBA's requirements. The GLBA's primary goal is to strengthen the protections on, and the limits on the use of, consumer financial data. The main priority of IT professionals and financial institutions under the GLBA is to safeguard the security of their customers' personal and financial information. Monitoring GLBA compliance is important for any financial institution, since breaches can be expensive and harmful to the organization's ability to continue operating. By taking steps to protect NPI and comply with the GLBA, institutions gain not only greater security and the avoidance of fines but also stronger customer loyalty and trust.

References

Correia, C. (2020). Safeguarding data consistency at the edge. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Supplemental Volume (DSN-S). https://doi.org/10.1109/dsn-s50200.2020.00035

Zelesniack, E., Oubaid, V., & Harendza, S. (2021). Final-year medical students' competence profiles according to the modified requirement tracking questionnaire. BMC Medical Education, 21, 1-9. http://dx.doi.org.nec.gmilcs.org/10.1186/s12909-021-02728-2

De Groot, J. (2019, July 15). What is GLBA compliance? Digital Guardian. Retrieved October 5, 2021, from https://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-act

Federal Student Aid. (2020, February 27). Enforcement of cybersecurity requirements under the Gramm-Leach-Bliley Act | Knowledge Center. FSA Partner Connect. Retrieved October 5, 2021, from https://fsapartners.ed.gov/knowledge-center/library/electronic-announcements/2020-02-28/enforcement-cybersecurity-requirements-under-gramm-leach-bliley-act

Kosseff, J. (2018). Defining cybersecurity law. Iowa Law Review, 103(3), 985-1031. Retrieved from https://www.nec.gmilcs.org/login?url=https://www-proquest-com.nec.gmilcs.org/scholarly-journals/defining-cybersecurity-law/docview/2187899333/se-2?accountid=42685