The Mortgage Bankers Association (MBA) has released a new white paper, “The Basic Components of an Information Security Program,” that discusses the information security risks facing the mortgage industry and the basic security practices necessary to help mitigate the risks. The report was authored by members of the MBA Residential Technology Forum (RESTECH) Information Security Workgroup and is intended to assist small and medium-sized entities that might need help in understanding and managing security risk.
“We realized that smaller firms might not have enough resources or expertise to be kept abreast of the rapidly changing risks” said Shawn Malone, vice president of Business Compliance at Radian Group and chair of the RESTECH Information Security Workgroup. “Thus, our workgroup identified a need for a security guide that non-technical individuals could utilize to help improve the security of their organization.”
Although all security risks are important, the paper highlights the most critical areas of focus.
“A risk-based approach is the most effective way to understand and implement an effective information security program,” said Robb Reck, chief information Security Officer for Pulte Mortgage and the Vice Chair of the Information Security Workgroup. “This paper identifies those critical risks and offers suggestions for how to mitigate them. Our hope is that by providing this information, companies will be able to more rapidly mature their security practices.”
The white paper notes that the financial services industry has been designated as one of the six critical infrastructure sectors in the United States because of the value of its data as a target for criminals and other bad actors. The report outlines practical steps that MBA members can take to mitigate information security risk.
“MBA continues to increase the breadth and depth of information security resources available to our members,” said Rick Hill, vice president for Industry Technology at the MBA. “Chief executives, board members, risk managers and everyone across the organization are part of managing risk. Individuals in these roles should note that regulators are expecting their involvement in the development and oversight of corporate risk management programs. MBA will continue to develop resources to help companies navigate through the security risks facing our industry.”