MBA Releases White Paper on Key Components for Information Security Programs

June 25, 2008

The Mortgage Bankers Association's (MBA) Residential Technology Steering Committee (RESTECH) has released a white paper that addresses basic security components which should be present in any financial services related information security program. The paper outlines common risks and mitigation approaches, specifically for small to mid-sized lenders, to help them secure sensitive and confidential customer information while adhering to an ever-increasing number of related statutes and regulations.

"As industry information security continues to develop rapidly, MBA feels it is critical to define a minimum set of objectives that small and mid-sized organizations can meet in order to execute an effective information security program,” said Robert E. Story, Jr., CMB, MBA's Vice Chair and Chairman of MBA's Board of Directors Technology Steering Committee (BODTECH). “This concise and business-oriented approach will help organizations with limited resources achieve successful information security practices.”

As concern about protection of personal information escalates, and the statutory and regulatory compliance landscape becomes more complex, the demand on an organization’s information security program also intensifies. At the same time, the number of threats and the difficulty of addressing them are increasing as well. While information security does not generate revenue, the costs associated with liability, reputation, and compliance failures obligate senior managers to pay attention.

While most large corporations have the necessary fiscal and human resources to comply with the growing number of regulatory requirements, small and mid-sized organizations have fewer resources.

This paper identifies eight major components of an information security program:

  • Acceptable Use Policy
  • User Access Controls
  • Physical Security
  • Personnel Security
  • Business Continuity Planning
  • Compliance
  • Third-party Provider Management
  • Technology Security


To obtain a copy of the MBA RESTECH white paper, please click http://www.mortgagebankers.org/files/Technology/ResTechBasicSecurityWhitePaper.pdf

Source: MBA