Estimated reading time: 1 minute, 16 seconds

MBA Releases New White Paper: The Basic Components of an Information Security Program

WASHINGTON, D.C. (October 24, 2019) — The Mortgage Bankers Association (MBA) today released a new white paper, The Basic Components of an Information Security Program, which gives an overview of current information security risks that affect the mortgage industry, as well as explanations of basic components of an information security program intended to help manage those risks.

“MBA continues to be an advocate for our members on cybersecurity issues, and we’re committed to educating and helping mortgage businesses identify emerging information security threats,” said Rick Hill, Executive Vice President of MISMO ® and Vice President of Industry Technology at the Mortgage Bankers Association. “Our white paper gives mortgage professionals a better understanding of current risks, and offers high priority cybersecurity actions they can take to keep their information, systems and networks safe and secure.”

MBA’s white paper offers several recommendations for mortgage companies to consider when developing a cohesive information security program for their business. They include:

  • Reviewing current laws and regulations that focus on consumer and data privacy as well as vendor management;
  • Performing a risk assessment to better understand the current and potential information security threats that may impact the company;
  • Completing an asset inventory of company data, equipment, and software;
  • Having a plan for restoring business operations during or after a disaster or other business-impacting event;
  • Providing proper information security training to employees; and
  • Implementing a vendor risk management program that includes a list of vendor relationships and the risks posed by each vendor.

A copy of the white paper can be found here.

Read 2400 times
Rate this item
(0 votes)


PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.