MBA Releases White Paper on Key Components for Information Security Programs
|June 25, 2008|
The Mortgage Bankers Association's (MBA) Residential Technology Steering Committee (RESTECH) has released a white paper that addresses basic security components which should be present in any financial services related information security program. The paper outlines common risks and mitigation approaches, specifically for small to mid-sized lenders, to help them secure sensitive and confidential customer information while adhering to an ever-increasing number of related statutes and regulations.
"As industry information security continues to develop rapidly, MBA feels it is critical to define a minimum set of objectives that small and mid-sized organizations can meet in order to execute an effective information security program,” said Robert E. Story, Jr., CMB, MBA's Vice Chair and Chairman of MBA's Board of Directors Technology Steering Committee (BODTECH). “This concise and business-oriented approach will help organizations with limited resources achieve successful information security practices.”
As concern about protection of personal information escalates, and the statutory and regulatory compliance landscape becomes more complex, the demand on an organization’s information security program also intensifies. At the same time, the number of threats and the difficulty of addressing them are increasing as well. While information security does not generate revenue, the costs associated with liability, reputation, and compliance failures obligate senior managers to pay attention.
While most large corporations have the necessary fiscal and human resources to comply with the growing number of regulatory requirements, small and mid-sized organizations have fewer resources.
This paper identifies eight major components of an information security program: