Gramm-Leach-Bliley Act (GLBA) Compliance

The Gramm-Leach-Bliley Act requires financial institutions to develop a written information security plan detailing how the company is safeguarding non-public personal information of its clients. 

How EiQ Helps

EiQ’s SOCVue Security Monitoring service helps organizations meet GLBA requirements by providing 24/7/365 security monitoring and compliance reporting.

EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance designed to help address FFIEC Host Security and User Equipment Security requirements.

The privacy requirements of GLBA are enforced with the help of the Federal Financial Institutions Examination Council (FFIEC). As part of the SOCVue Security Monitoring service, EiQ’s SOC team will proactively assess security controls that are aligned with the FFIEC Handbook. The security controls are based on the widely used SANS/CIS Critical Security Controls* and are mapped directly to the relevant sections of the FFIEC cybersecurity framework.

Our SOC analysts will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

| Critical Security Control | FFIEC Examiners Handbook Framework for GLBA | How SOCVue Security Monitoring Addresses | How SOCVue Vulnerability Management Addresses |
| --- | --- | --- | --- |
| Critical Security Control #1: Inventory of Authorized and Unauthorized Devices | Host Security; User Equipment Security (Workstation, Laptop, Handheld) | SOCVue security analysts can monitor DHCP event logs to track the identity of devices connecting to the network and help detect unauthorized devices. | SOCVue security analysts will conduct Qualys discovery scans in order to build an inventory of authorized and unauthorized devices. |
| Critical Security Control #4: Continuous Vulnerability Assessment and Remediation | Host Security; User Equipment Security (Workstation, Laptop, Handheld) | SOCVue security analysts can help you correlate data from a wide variety of commercial vulnerability scanners with real-time security event data for enhanced alerting and reporting. | SOCVue Vulnerability Management includes Qualys vulnerability scanning along with our SOCVue security analysts to manage the tool and guide you with recommended action. New vulnerabilities can be quickly detected and appropriate staff notified. |
| Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs | Security Monitoring | SOCVue Security Monitoring provides the people, process, and technology needed to collect, monitor, and analyze audit logs. Monitoring audit logs can provide valuable security insight and help detect advanced threats. | |
| Critical Security Control #9: Limitation and Control of Network Ports | Network Security | SOCVue security analysts will help you establish a whitelist/blacklist of ports and protocols and assess whether any unauthorized ports, protocols, and services are running on a network. | SOCVue Vulnerability Management provides vulnerability scanning technology from Qualys to help detect vulnerable port and protocol usage on your IT assets. |

*Additional controls auditing available with on-premise Security Monitoring deployments


SOCVue allows us to help our clients meet complex compliance mandates while EiQ’s highly trained analysts provide the expertise we don’t have in-house. With EiQ protecting our company and centralizing all of our security intelligence, we don’t just get to say we’re improving our security posture – we get to prove it.
Rod Lueck, President, C5 Solutions for Broker Dealers