Here is GM's info on SIEM, see last paragraph. This is taken from a PDF I just got today. I am happy to forward to anyone if you want to email me at reduke at dukeauto dot com.
The Gramm-Leach-Bliley Act Brief Overview
It is essential for Dealers to recognize that the application of the Act’s provisions extends well beyond depository institutions. Under the Act, a financial institution is any business that engages in financial activities ranging from insurance brokerage to data processing to automobile financing/leasing.
The Act specifically references automobile dealers; those that provide financing to their customers are subject to the Act’s Privacy and Safeguards Rules. The Privacy Rule is intended to raise customer awareness of the different ways their non-public, personal information may be used, and requires dealers to present certain paperwork on their information sharing policies, or information notices, to the customer during the information-gathering process.
The Safeguards Rule is intended to protect the financial institution’s customers from identity theft and other harm by requiring financial institutions to assess their data and information from misappropriation, alteration, tampering, etc.
GM Dealer Computer Network Security & GLBA Compliance
Summary of GLBA Financial Privacy Rule Section 6801 – (b) Financial institutions safeguard
• To ensure the security and confidentiality of customer records and information
• To protect against any anticipated threats or hazards to the security or integrity of such records
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
By implementing proper network security measures, dealerships can protect and properly respond to threats that can compromise their network and customers’ information. Many dealerships utilize standard firewalls and antivirus for their desktops but the current threat of network breaches demands a higher level of protection.
Compliant Security Measures as Outlined in the GM IT Guidelines
Network Security Device Features
Fully-managed security device that continually monitors threats through Intrusion Detection System “IDS” and Intrusion Prevention System “IPS” and other mechanisms. A firewall should include the functionality listed below.
• Filter packets and protocols
• Antivirus Scanning
• Perform stateful inspection of connections
• Perform proxy operations on selected applications
• Report traffic allowed and denied by the firewall on a regular basis (i.e. monthly)
The firewall should be able to filter packets based on the following characteristics:
• Protocol, e.g. IP, ICMP
• Source and destination IP addresses
• Source and destination ports
• The appliance should perform real-time scanning of HTTP, SMTP, and FTP traffic for malware, spyware, and other intrusions.
Security Information and Event Management
Proactive, real-time event monitoring that utilizes a SIEM (Security Information and Event Management) tool. The SIEM needs to be able to collect and collate the log data and security event data from the network in real-time, and be able to notify the network administrator in the case of a security event. The purpose of a SIEM is to aid in identifying or preventing an intrusion into your network. Immediate response to a breach can greatly reduce or prevent data loss.
Note: Reactive management software is not to be confused with a proactive SIEM.