03:50 PM
Connect Directly

Infosec Help Right in Your Pocket

Attorneys author compact guide for bank security concerns.

When it comes to information security, no amount of help is too small. That is why Thomas Vartanian, Robert Ledig and Mark Fajfar -- attorneys with New York-based law firm Fried, Frank, Harris, Shriver & Jacobson -- authored the "Banker's Pocket Guide to Information Security."

The booklet -- which literally is small enough to fit in a pocket -- is designed to provide bankers with the essentials of IT security in an easy-access format. According to Fajfar, a special counsel resident in the firm's Washington, D.C., office, the guide fills a large hole in the financial services industry -- the gap between the breadth of regulatory guidance and legal precedents that could be applied in the field of information security, and "the feeling that there is little learning in this area," as expressed by the firm's clients and others. "We felt that by laying out the basic guidance in a succinct fashion, all parties could see that, in fact, thought has been given to the difficult issues, and resources are available in crafting a sensible approach to information security questions," Fajfar explains.

The Fundamentals

Since directives in this area are somewhat scattered and the topic has such broad scope, Fajfar says, the "Pocket Guide" was created to lay out the fundamentals of sound data security processes. Included in the guide is a summary of the laws as they relate to information security, tips on how to implement smart IT security policies and suggestions on how financial institutions should handle third parties that have access to their data.

The booklet primarily is targeted at upper to middle managers in banks -- those responsible for laying out security policies. According to Fajfar, he and the other authors purposely avoided discussing "precise technical standards" and instead opted to take the approach of regulators, who typically speak to policies and procedures. "We are trying to assist bank management in deciding where to invest their time and attention by highlighting those factors that will be relevant to the ... third parties who will be examining their information security procedures," he remarks.

Fajfar adds that although the book is essentially a summary of relevant regulatory guidance, the authors extracted certain themes to help readers more fully understand the origins of particular guidelines. "It is much easier to comply with a rule once one understands where it came from and what the rule maker hopes to achieve from the rule," he explains.

In addition to updating the "Pocket Guide" periodically, the authors also will make more-timely information available on the firm's Web site,, Fajfar notes.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology
BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.