Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:50 PM
Connect Directly

Infosec Help Right in Your Pocket

Attorneys author compact guide for bank security concerns.

When it comes to information security, no amount of help is too small. That is why Thomas Vartanian, Robert Ledig and Mark Fajfar -- attorneys with New York-based law firm Fried, Frank, Harris, Shriver & Jacobson -- authored the "Banker's Pocket Guide to Information Security."

The booklet -- which literally is small enough to fit in a pocket -- is designed to provide bankers with the essentials of IT security in an easy-access format. According to Fajfar, a special counsel resident in the firm's Washington, D.C., office, the guide fills a large hole in the financial services industry -- the gap between the breadth of regulatory guidance and legal precedents that could be applied in the field of information security, and "the feeling that there is little learning in this area," as expressed by the firm's clients and others. "We felt that by laying out the basic guidance in a succinct fashion, all parties could see that, in fact, thought has been given to the difficult issues, and resources are available in crafting a sensible approach to information security questions," Fajfar explains.

The Fundamentals

Since directives in this area are somewhat scattered and the topic has such broad scope, Fajfar says, the "Pocket Guide" was created to lay out the fundamentals of sound data security processes. Included in the guide is a summary of the laws as they relate to information security, tips on how to implement smart IT security policies and suggestions on how financial institutions should handle third parties that have access to their data.

The booklet primarily is targeted at upper to middle managers in banks -- those responsible for laying out security policies. According to Fajfar, he and the other authors purposely avoided discussing "precise technical standards" and instead opted to take the approach of regulators, who typically speak to policies and procedures. "We are trying to assist bank management in deciding where to invest their time and attention by highlighting those factors that will be relevant to the ... third parties who will be examining their information security procedures," he remarks.

Fajfar adds that although the book is essentially a summary of relevant regulatory guidance, the authors extracted certain themes to help readers more fully understand the origins of particular guidelines. "It is much easier to comply with a rule once one understands where it came from and what the rule maker hopes to achieve from the rule," he explains.

In addition to updating the "Pocket Guide" periodically, the authors also will make more-timely information available on the firm's Web site,, Fajfar notes.

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.