Case Study APA Format No Plagiarism
Case Study:
Conduct research on the Internet or select 1 of the 2 examples in your text in Chapter 4, page 117 on a credit card breach. Write a 3 to 4 page paper (not including title and reference page) in which you describe the details of the event. Tell us what could have been done to prevent the event from happening, list the laws that were broken, and state whether the event violated any of the acts or laws that you read about in chapters 3 & 4. Your paper should be in APA format and contain 3 to 4 different sources. Make sure you cite all sources.
Writing Requirements
- 4 pages in length (excluding cover page, abstract, and reference list)
- At least 3-4 peer reviewed sources that are properly cited and referenced
- APA format, Use the APA template located in the Student Resource Center to complete the assignment.
- Please use the Case Study Guide as a reference point for writing your case study.
No plagiarism. APA format.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Legal Issues in Information Security
Lesson 4
Security and Privacy of Consumer Financial Information
Learning Objective
Describe legal compliance laws addressing how financial institutions protect the security and privacy of consumer financial information.
Key Concepts
- Financial institutions and the protection of information they collect
- Financial regulatory laws and government regulatory bodies
- The Gramm-Leach-Bliley Act and financial institutions
- The Federal Trade Commission Red Flags Rule
- Payment Card Industry Standards
Business Challenges Facing Financial Institutions
- Bear cost of consumer identity theft
- Company names and logos used in phishing scams
- Targets of hackers
- Must follow regulations designed to protect security and privacy of data they collect and use; rules place compliance burden on financial institutions
Types of Financial Institutions
- Savings and loan associations
- Finance companies
- Insurance companies
- Investment companies
Consumer Financial Information
- Name
- Social Security number
- Driver's license number
- Address/telephone number
- Work history
Who Regulates Financial Institutions?
Federal Financial Institutions Examination Council (FFIEC)
- Establish principles and standards for examination of federal financial institutions
- Develop uniform reporting system
- Conduct training for federal bank examiners
- Make recommendations regarding bank supervision matters
- Encourage adoption of uniform principles and standards by federal and state banks
The Gramm-Leach-Bliley Act (GLBA)
- The Financial Modernization Act of 1999
- Protects personal financial information held by financial institutions
Impacts of GLBA
- Allows banks, securities, and insurance companies to merge
- Financial activities include borrowing, lending, providing credit counseling, debt collection, and other activities
- Protects nonpublic personal information (NPI)
Nonpublic Personal Information (NPI)
- Social Security numbers
- Financial account numbers
- Credit card numbers
- Date of birth
- Name, address, and phone numbers when collected with financial data
- Details of any transactions or the fact that an individual is a customer of a financial institution
GLBA―Principal Parts
GLBA:
- Privacy Rule
- Safeguards Rule
- Pretexting
GLBA Privacy Rule
- Financial institutions may not share NPI with nonaffiliated third parties unless institution gives notice to consumer
- The notice must tell consumers about types of data the institution collects and how it uses that information
  • Called a notice of privacy practices
- Consumers have chance to opt out of some data sharing
GLBA Safeguards Rule
- Each agency must establish standards that:
  • Protect the security and confidentiality of customer information
  • Protect against threats to the security or integrity of customer information
  • Protect against unauthorized access to or use of customer information that could result in harm to a customer
GLBA Pretexting Rule
- Pretexting
  • Trying to gain access to customer information without proper authority; also known as social engineering
- Illegal to make false, fictitious, or fraudulent statements to a financial institution or its customers to get customer information
- Illegal to use forged, counterfeit, lost, or stolen documents to do the same thing
- Designed to stop identity theft
The Federal Trade Commission Red Flags Rule
- Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- Identity Theft Red Flags Rule
Red Flag Categories
- Suspicious documents
- Suspicious personal identifying information
- Unusual account activity
- Notice of identity theft
- Credit reporting agency alerts
Payment Card Industry (PCI) Data Security Standards (DSS)
- Safeguards and protects credit card data
- All merchants accepting credit cards must follow PCI DSS standards
- Single approach makes it easier for merchants to accept all cards
PCI DSS Controls and Rules
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Summary
- Financial institutions and the protection of information they collect
- Financial regulatory laws and government regulatory bodies
- Gramm-Leach-Bliley Act
- Federal Trade Commission Red Flags Rule
- Nonpublic personal information (NPI)