Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Compliance

12:40 PM
Connect Directly
RSS
E-Mail
50%
50%

/articles/i/ad1835/blogs/information-technology/appro-wins-government-computing-contract.htm

Attorneys author compact guide for bankers' security concerns.

When it comes to information security, no amount of help is too small. That is why Thomas Vartanian, Robert Ledig and Mark Fajfar, three attorneys with New York-based law firm Fried, Frank, Harris, Shriver & Jacobson (www.friedfrank.com), authored the "Banker's Pocket Guide to Information Security."

The booklet—which is literally small enough to fit in your pocket—is designed to provide bankers with the essentials of IT security in an easy-access format. According to Mark Fajfar, a special counsel resident in the firm's Washington office and co-author, the guide fills a large hole in the financial services industry-- the gap between the breadth of regulatory guidance and legal precedents that could be applied in the field of information security, and "the feeling that there is little learning in this area," as expressed by Fried Frank's clients and others. "We felt that by laying out the basic guidance in a succinct fashion, all parties could see that, in fact, thought has been given to the difficult issues, and resources are available in crafting a sensible approach to information security questions," Fajfar explains.

Since directives in this area are somewhat scattered, and since the topic has such broad scope, Fajfar says the Pocket Guide was created to lay out the fundamentals of sound data security processes. "We thought it would be productive to begin with first principles in order to lay out a sensible approach for banks that would take into account the guidance that is available and would be adaptable as the guidance is refined," he says.

The book is primarily targeted at upper-to-middle managers in banks—those responsible for laying out security policies. Fajfar says the authors purposely avoided discussing "precise technical standards" and instead opted to take the approach of regulators, who typically speak to policies and procedures. "We are trying to assist bank management in deciding where to invest their time and attention, by highlighting those factors that will be relevant to the regulators, auditors ... and other third parties who will be examining their information security procedures," he remarks.

Fajfar says that although the book is essentially a summary of relevant regulatory guidance, the authors extracted certain themes to help readers more fully understand the origins of particular guidelines. "It is much easier to comply with a rule once one understands where it came from and what the rule-maker hopes to achieve from the rule," he says.

In addition to updating the Pocket Guide periodically, the authors will also make more timely information available on the firm's Web site, Fajfar notes.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.