Commercial Enterprises:

INTEGRITY — When Your Money Depends on It
Securing Financial Services Providers from Cyber Attack

Financial Services company leaders have been put on notice...

"Despite our efforts to safeguard client information, a computer hacker using sophisticated techniques illegally accessed a database and obtained access to confidential client information. All of us at Davidson are acutely aware of the uncertainty, stress and inconvenience associated with the potential compromise of personal information." William Johnstone, President and CEO, Davidson Companies.

Not only is a breach of confidential customer information a violation of customer trust, it's in violation of federal regulations governing the control of confidential information and can open up a company to serious financial penalties.

The financial services industry is comprised of three primary sectors: banking, securities and commodities, and insurance (U.S. Bureau of Labor Statistics). Financial services firms must maintain a high level of cyber security in order to meet the requirements of federal regulations, many of which were enacted in the past decade. These regulations include the Gramm-Leach-Bliley Act, Basel II guidelines, SEC Rule 17a-4, and the Sarbanes-Oxley Act. In addition, financial services firms must meet the Federal Financial Institutions Examination Council mandates.

According to the FTC, 56 percent of identity theft incidents are related to banking activities. "Financial firms have yet to learn that their current practices actually contribute to the effectiveness of identity theft and fraud scams."

No updates, exposed vulnerabilities in software, systems connected to the Internet. A successful cyber attack on a financial facility is not a matter of if; it's only a matter of when.

Sooner or later, cyber security strategies based on "pierce and patch" will result in:

  • Executives not in compliance with Federal laws and facing fines and/or prison sentences
  • Loss of electrical services
  • Loss of value — market capitalization, revenue, earnings
  • Loss of customers
  • Millions lost defending or settling class action lawsuits
  • Millions of dollars spent on restoring service or refunding money to customers
  • Bankruptcy
  • Customer health and medical emergencies, including death
  • Widespread economic upheaval
  • Widespread political and social upheaval
  • Compromised national defense

A cyber security strategy based on "pierce and patch" is—

Unfathomable. Unacceptable. Untenable. Uneconomic.
And has largely been unfixable — until now.

INTEGRITY — the most secure and reliable software ever developed — can provide financial services firms with certified unbeatable cyber asset security. The National Information Assurance Partnership (NIAP) has awarded INTEGRITY a rating of EAL6+ High Robustness.

With INTEGRITY, mission critical applications stay secure, customer data remains private, and control and command applications work without the possibility of intentional, hostile, well-funded, internal or external attack. And it's been certified — not once, but multiple times.

"I still do not get the sense that we are addressing cybersecurity with the seriousness that it deserves. I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security of this import. If NERC doesn't start getting serious about national security, it may be time to find a new electric reliability organization." — Congressman James Langevin, as quoted by PC World, May 21, 2008.

INTEGRITY should be a cornerstone of any financial services firm's efforts to comply with the myriad federal regulations governing the industry.

Gramm-Leach-Bliley Act: The Financial Privacy Rule of GLBA governs the collection and disclosure of customers' personal financial information by financial institutions. Financial institutions, credit reporting agencies, investment advisors and others are required to design, implement and maintain safeguards to protect customer information.

INTEGRITY protects cardholder data by providing certified military-grade security through its separation technology.

Basel II: Worldwide banking guidelines define the level of risk considered acceptable for banks to remain solvent. IT governance must be included in efforts to control and manage risk. Banks that have failure-prone IT systems may face higher capital requirements.

INTEGRITY protects data at the core through its certified technology. This ensures that financial services firms' IT systems keep risks at or below an acceptable level.

SEC 17a-4: Rule 17a-4 of the Securities and Exchange Commission requires that brokerage firms store and be able to rapidly produce accurate records of securities transactions for years after the transaction date.

INTEGRITY allows access to and control of critical data based on a comprehensive policy strategy established by the financial institution.

The Federal Financial Institutions Examination Council (FFIEC) has issued the FFIEC Information Technology Examination Handbook, Information Security Booklet, December 2002, which recommends that financial institutions should periodically:

  • Ensure that their information security program identifies and assesses the risks associated with Internet-based products and services; identifies risk mitigation actions, including appropriate authentication strength; and measures and evaluates customer awareness efforts;
  • Adjust, as appropriate, their information security program in light of any relevant changes in technology, the sensitivity of its customer information, and internal or external threats to information; and
  • Implement appropriate risk mitigation strategies.

INTEGRITY is the only operating system that is certified to be 100% secure and reliable. It enables other applications (and operating systems) to run securely on various platforms. INTEGRITY enables financial services firms to establish their own enterprise-wide and system-level protocols.

State Privacy Laws — Following the passage of California SB 1386 in 2003, all but a handful of other states have passed similar laws requiring that consumers be notified, usually in writing and at potentially high cost, if their data may have been exposed in a data breach. Some states exempt encrypted data; others do not.

INTEGRITY has been tested and proved to be secure against hostile and intentional attack. INTEGRITY has achieved a NIST EAL 6+ rating with High Robustness.

European Union privacy directive — The European Union's directive 95/46/EC mandates that personal data be kept private and subject to the control of the individual. U.S. companies doing business in Europe must comply; similar legislation is proposed for the U.S.

INTEGRITY allows access to and control of critical data based on a comprehensive policy strategy established by the financial institution.

USA PATRIOT Act: The act includes antiterrorism and money-laundering provisions with which financial services firms must comply. Since the act went into effect, financial service firms have spent hundreds of millions of dollars annually on compliance.

INTEGRITY has been tested and proved to be secure against hostile and intentional attack. INTEGRITY has achieved a NIST EAL 6+ rating with High Robustness. Further, INTEGRITY allows access to and control of critical data based on a comprehensive policy strategy established by the financial institution.

Sarbanes-Oxley Act: The Sarbanes-Oxley Act requires leaders of publicly traded firms, including financial services firms, to personally certify that reported financial results are accurate. To do this, reliable and secure information systems are required.

INTEGRITY has been tested and proved to be secure against hostile and intentional attack. INTEGRITY has achieved a NIST EAL 6+ rating with High Robustness.

Certified as secure and reliable for both military and non-military use as a result of the most rigorous testing and evaluation possible, INTEGRITY offers:

  • True security
    • Open communication is possible without risk to critical assets
    • Mission critical assets and applications remain completely safe and secure
  • Cost savings
    • INTEGRITY Secure Consolidated Client (ISCC)
    • Simultaneous support of legacy and mission critical applications
  • Form flexibility
    • Protect desktop PCs, servers, Thin-Client Workstations and even PDAs
  • Open Standards
    • Supports Windows and Linux
    • Ability to create native POSIX applications
  • Certified security and reliability — no other operating system can offer this level of security and reliability and no other operating system has ever been certified to the levels of INTEGRITY

To learn more about how INTEGRITY Global Security can secure your financial institution, please call 805.882.2500, or send email.

© INTEGRITY Global Security