|
Security managers are sweating the current financial crisis, in particular how the wave of layoffs and mergers in the financial services sector could weaken data security. In particular, institutions need to be vigilant about flicking the switch on user access once a person is let go. User provisioning, password management and configuration management are primary areas of concern, experts say.
In recent weeks, not only have world markets plunged, but major institutions have either folded or been acquired. The bankruptcy of Lehman Brothers was followed quickly by JP Morgan's acquisition of Bear Stearns. JP Morgan then acquired Washington Mutual. And Citigroup gobbled up Wachovia's banking operations--more deals are expected.
While larger institutions have solid processes in place to address the integration of new business, the question of disgruntled, unemployed former workers is a serious threat.
Steven Katz, often regarded as the first CISO and who once held that position at Citigroup, JP Morgan and Merrill Lynch, says larger banks were forced to shore up these processes to meet the Federal Financial Institutions Examination Council (FFIEC) rules that govern...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
the financial industry.
"These are companies that have been subject to a fair amount of regulatory scrutiny in terms of information security and generally have fairly substantial programs for provisioning and deprovisioning folks and validating access rights," says Katz.
However, the potential for problems does exist since there is a higher possibility for employee deceit and data-handling misuse at troubled firms, says Katz.
"If I were sitting at one of these companies that were in jeopardy, my concern about disgruntled employees would go up, and I would pay more attention to my access control reports," says Katz. "I'd also be paying more attention to privileged user activities."
Bank acquisitions follow the same track as most corporate acquisitions. A steering committee works quickly to conduct a gap analysis, put in place necessary practices and policies, and analyze and migrate data. The time it takes to conduct an analysis and bring together systems depends on whether there is a big difference in data structure and system makeup, says Matthew Pollicove, an SAP identity management expert and project manager at Secude Global Consulting.
|
 |
|
