This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

Conducting an electronic information risk assessment for Gramm-Leach-Bliley Act compliance

To obtain compliance with the new Gramm-Leach-Bliley privacy regulations, financial institutions need to identify vulnerabilities in electronic systems, assess the likelihood and impact of threats, and assess the sufficiency of controls to mitigate those risks. In response to these new regulations, I developed a process for conducting an electronic risk assessment in accordance with GLBA, and used it to conduct a risk assessment for Johnson Financial Group. The process involves listing each technology and vendor service and ca...

Copyright ...