May 2, 2014

Privacy and Regulatory

An effective security program does not equate to a solid privacy program. Implementing core privacy principles manages risk and positions your company to comply with the related laws and regulations.

The Health Insurance Portability and Accountability Act (HIPAA) provides controls that must be followed by all organizations that work with the healthcare industry. The Gramm-Leach-Bliley Act (GLBA) of 1999 was implemented by the Senate Banking Committee to help financial service organizations establish GLBA-compliant information security programs that identify, assess, manage, and control risks that may threaten customer information.

The PCI Data Security Standard was developed in 1999 by the major credit card brands and is the compliance guideline organizations follow to protect Cardholder Data. Each year, Personal Identification Number (PIN) activated transactions are switched through shared ATM and POS networks. The most common standard used to evaluate organizations that provide those services is the Technical Guide (TR-39, formerly known as TG-3), developed by ANSI as part of the X9 standards for financial institutions.

The North American Electric Reliability Corporation (NERC) published the Critical Infrastructure Protection (CIP) Standards for energy companies. Within the CIP standards are the eight Cyber Security Standards with which companies must be fully compliant in order to protect the nation's energy grid from threats arriving via the internet. The Federal Information Security Management Act (FISMA) was enacted in 2002 to establish an information security program that protects assets and preserves economic and national security interests. The FISMA process draws from a variety of standards and frameworks, including NIST and FIPS.

Copyright 2014 ECI Networks