Safeguarding Information Assets - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Safeguarding Information Assets
Challenge, Trends, and Opportunity within the
Financial Services Markets
  • March 15, 2006
  • Greg Hughes
  • Director, Information Security
  • John H. Harland Co.
  • Ph. 770.593.5024
  • ghughes_at_harland.net

2
Introduction
  • Greg Hughes
  • A lifelong resident of the Atlanta area with 20
    years in Information Management.
  • Joined Harland's IT team in 1997
  • Serving various roles in division and
    corporate-level IS programs.
  • Designated as Harland's Information Security
    Officer in 2005.
  • Responsible for leading and developing Harland's
    Corporate Information Security Program.

3
Introduction
  • John H. Harland Company
  • Founded in 1923 and headquartered in Decatur, GA
  • A leading provider of software, services, and
    printed products to the financial services
    industry.
  • A leader in testing and assessment solutions for
    educational markets.
  • A diverse and growing organization with 5,500
    employees nationwide.
  • Annualized revenues exceeding 1 billion.

4
Roles of Information Security
  • Above all, the role must support and enable the
    attainment of business objectives.
  • Engaging, retaining, and growing share in chosen
    markets.
  • Fundamentally a role of assurance to customers,
    investors, and management.
  • To establish and to continuously monitor the
    effectiveness of administrative, technical, and
    physical safeguards protecting our information
    assets.

5
The Scope of Information Security
  • Information Security is not an IT issue. It is a
    business process that touches all aspects of
    company operations.
  • Contractual, regulatory, and legal compliance.
  • HR processes (engagement, termination, awareness,
    etc.).
  • Vendor management.
  • IT and asset management controls.
  • Facilities management (physical and environmental
    controls).
  • Contractual, legal, and regulatory compliance.
  • Engaging, retaining, and growing share in chosen
    markets.
  • Fundamentally a role of assurance to customers,
    investors, and management.
  • To establish and to continuously monitor the
    effectiveness of safeguards protecting
    organizational assets (information).
  • Administrative, technical, and physical.

6
Challenges
  • Organizational
  • Fiscal and resource constraints.
  • Leveraging organizational assets to achieve
    objectives
  • Corporate Training
  • Legal and Internal Audit
  • Human Resources
  • Facilities management
  • Information Technology

7
Challenges
  • Rapidity of Change
  • Maintaining pace with your own organizational
    growth.
  • Rapidly evolving regulatory and legal
    requirements.
  • Maintaining awareness of the evolving
    requirements of FI regulatory agencies.
  • <30 states have introduced legislation similar to
    CA SB 1386.

8
Trends
  • Vendor Management
  • A shift in focus from technology controls to
    comprehensive organizational practices.
  • Widespread acceptance of ISO-17799
  • Increased demand for 3rd party assurance (e.g.
    SAS-70).
  • Standardization
  • Collaboration on vendor management standards
    (FIs, service providers, and audit firms).

9
Trends
  • Vendor Management (Cont'd)
  • Increased focus on mitigating business
    interruption.
  • Business Continuity Planning
  • Disaster Recovery Planning.
  • Growing use of PCI standard for protection of
    cardholder information.
  • 250 administrative, technical and physical
    controls.
  • Adopted and required by major card providers.

10
Opportunity
  • Standardized Controls
  • Provides efficiencies to both the FI and the
    service providers.
  • Provides clarity and focus to the development of
    service provider controls.
  • Provides opportunities for service providers to
    differentiate themselves from competitors.
  • Allows organizations to leverage common but often
    separate resource investments in SOX, GLB, and
    SAS-70 efforts.

11
Questions
Questions/Discussion