|
|
 |
|
|
Financial controls, safeguarding personal information and breach notification are driving information assurance requirements. Information security is no longer something that concerns a few techies or mid-level managers but has reached the attention of board rooms.
To this end, MBA established a proactive approach to aid members. MBA’s multifaceted strategy includes advocacy, education guidance. Leading the way for many of these efforts is MBA’s Board of Directors Technology Steering Committee (BoDTech), which releases comprehensive recommendations to the industry.
Advocacy
MBA participates in federal hearings, comments on regulations and drafts legislative recommendations related to data security. The Association also coordinates task forces made up of industry leaders to proactively address this issue. In 2006, MBA’s Data Security Task Force released Recommendations and Red Flag Comments to serve as policy guidance.
Education
Security content is increasing at MBA conferences, as well as courses offered by CampusMBA, the education department of MBA.
In addition, security content is part of the following MBA conferences: Legal Issues and Regulatory Compliance, Regulatory Compliance, National Fraud Issues and National Technology in Mortgage Banking Conference & Expo.
Guidance
MISMO®
The MISMO Information Security Work Group integrates information security best practices into industry data standards and specifications. The work group recently released an updated white paper, “Identifying and Safeguarding Personal Information,” which provided guidance for MISMO process areas and tagged sensitive data elements the in MISMO Logical Data Dictionary (LDD). Visit MISMO.
Secure Identity Services Accreditation Corporation (SISAC®)
SISAC provides best practices for authentication and identity management. The mortgage industry is facing increased legislative and regulatory requirements for high assurance identity and the protection of unauthorized access to personal information. SISAC provides the industry an open standard model for a common credential between trading partners. Visit SISAC.
Leadership
MBA Board of Directors Technology Steering Committee (BoDTech)
Over the last several years, MBA’s Board of Directors Technology Steering Committee (BoDTech) established information assurance as a top priority. The release of a white paper, “Protecting Personal Information: The Good, Bad and Ugly,” in 2005, attempted to raise awareness at the highest leadership level.
In 2006, the BoDTech released recommendations for a comprehensive approach to information assurance, “Five-Step Information Assurance (IA) Model for the Mortgage Industry.” The Five-Step IA model researched and analyzed three critical areas of information assurance: legislative and regulatory, audit practices, and security standards and framework.
MBA Residential Technology Steering Committee (ResTech) Security Subgroup
As one of the top three priorities of the BoDTech, Information Security is being address by a subgroup of industry experts. The group formed in early 2007 and identified strong authentication as an area of immediate concern. Reliable and high assurance identity management will aid the industry reduce risk related to identity thief and regulatory compliance. The Strong Authentication white paper is describes high level business concerns, examples of factors and several steps for resolution.
The ResTech Information Security Subgroup continues to build on their information assurance library with the latest white paper on Basic Security Program Components. An effective security program starts with a strong foundation that identifies logical areas to protect assets. The paper categorizes eight areas or logical components. Each component contains narratives on common risks and mitigation approaches to aid with the development of a security program. This is not a technical paper and the audience is directors or senior management.
|
|
|