Financial controls, safeguarding personal information and breach notification are driving information assurance requirements. Information security is no longer something that concerns a few techies or mid-level managers but has reached the attention of board rooms.
To this end, MBA established a proactive approach to aid members. MBA’s multifaceted strategy includes advocacy, education and guidance. Leading the way for many of these efforts is MBA’s Board of Directors Technology Steering Committee (BoDTech), which releases comprehensive recommendations to the industry.
Advocacy
MBA participates in federal hearings, comments on regulations and drafts legislative recommendations related to data security. The Association also coordinates task forces made up of industry leaders to proactively address this issue. In 2006, MBA’s Data Security Task Force released Recommendations and Red Flag Comments to serve as policy guidance.
Education
Security content is increasing at MBA conferences, as well as courses offered by CampusMBA, the education department of MBA.
In addition, security content is part of the following MBA conferences: Legal Issues and Regulatory Compliance, Regulatory Compliance, National Fraud Issues and National Technology in Mortgage Banking Conference & Expo.
Guidance
MISMO®
The MISMO Information Security Work Group integrates information security best practices into industry data standards and specifications. The work group recently released an updated white paper, “Identifying and Safeguarding Personal Information,” which provided guidance for MISMO process areas and tagged sensitive data elements in the MISMO Logical Data Dictionary (LDD). Visit MISMO.
Secure Identity Services Accreditation Corporation (SISAC®)
SISAC provides best practices for authentication and identity management. The mortgage industry is facing increased legislative and regulatory requirements for high assurance identity and protection against unauthorized access to personal information. SISAC provides the industry with an open standard model for a common credential between trading partners. Visit SISAC.
Leadership
MBA Board of Directors Technology Steering Committee (BoDTech)
Over the last several years, MBA’s Board of Directors Technology Steering Committee (BoDTech) established information assurance as a top priority. The release of a white paper, “Protecting Personal Information: The Good, Bad and Ugly,” in 2005, attempted to raise awareness at the highest leadership level.
In 2006, the BoDTech released recommendations for a comprehensive approach to information assurance, “Five-Step Information Assurance (IA) Model for the Mortgage Industry.” The Five-Step IA model researched and analyzed three critical areas of information assurance: legislative and regulatory, audit practices, and security standards and framework.
MBA Residential Technology Steering Committee (ResTech) Security Subgroup
As one of the top four priorities of the BoDTech, Information Security is being addressed by a subgroup of industry experts. The group, formed in early 2007, established an initiative to create a library of current security issues facing the industry. The ResTech Information Security Subgroup continues to build on its information assurance library with the latest white paper on ID Theft Red Flags and Address Discrepancies Implementation Experiences. Different participants (lender, real estate services and technology provider) present their insight into the new rule. They share knowledge in areas such as assessment, implementation approach, challenges and program administration.
- Reliable and high assurance identity management will help the industry reduce risk related to identity theft and regulatory compliance. The Strong Authentication white paper describes high-level business concerns, examples of factors and several steps for resolution.
- An effective security program starts with a strong foundation that identifies logical areas to protect assets. The Basic Security Program Components paper categorizes eight areas or logical components. Each component contains narratives on common risks and mitigation approaches to aid with the development of a security program.
These papers are not exceedingly technical and the intended audience is directors or senior management.
MBA Commercial Technology Committee (CommTech)
As a standing committee of MBA's Commercial Real Estate/Multifamily Finance Board of Governors, the CommTech Committee supports the commercial and multifamily mortgage industry. This industry faces a different set of issues than the consumer-facing residential industry, and benefits from the international capital markets. In early 2007, the CommTech Committee partnered with the law firm Hunton & Williams LLP to release a white paper reviewing privacy and data protection laws around the globe. The scope of these laws can differ dramatically from those in this country and can apply equally to a variety of business transactions. The Privacy Primer: An Overview of Global Data Protection Laws provides a survey of these regulations and is essential reading for any firm considering international expansion and partnerships. This paper is not exceedingly technical and the intended audience is directors or senior management.