Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,

Published byTracy Stephens Modified over 8 years ago

Similar presentations

Presentation on theme: "INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,"— Presentation transcript:

1 INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,

2 Over view aids organizations comply with interagency guidelines on information security standards organization summarizes its obligations to protect stakeholders information numerous federal, state and international regulations on the protection of information enforcement agencies and auditors must accept best practices for guidance that require written policies. 2

3 Goals of the security standards and guidelines establishment and implementation of controls maintaining, protecting and asses compliance issues identify and remediate vulnerabilities and deviations Provide reporting that can prove the organizations compliance. 3

4 Laws and regulation affecting security regulation compliance. The Federal Information Security Management Act (FISMA) ►The head of each [Federal] agency shall delegate to the agency Chief Information Officer ensuring that the agency effectively implements and maintains information security policies, procedures, and control techniques;” Sarbanes-Oxley the Sarbanes-Oxley Act of 2002 (SOX). ► Management's Responsibility for Policies 4

5 Laws and regulation affecting security regulation compliance. The Gramm-Leach-Bliley Act (GLBA) ►Each Bank shall implement a comprehensive written information security program [policies] that includes administrative, technical and physical safeguards.” Payment Card Industry Data Security Standard (PCIDSS). ►the program is intended to protect cardholder data wherever it resides by ensuring that members, merchants and service providers maintain the highest information security standard 5

6 Laws and regulation affecting security regulation compliance. Health Insurance Portability and Accountability Act (HIPAA) ►Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart. Intellectual property law ►for securing and enforcing legal rights to inventions, designs and artistic works. 6

7 security methods and controls that need to be implemented latest and ongoing knowledge of attack sources scenarios and techniques. up to date equipment inventories and network maps. rapid detection and response capability to react to newly discovered vulnerabilities Risk assessment 7

8 security methods and controls that need implementation Network access controls over both internal and external connections harden their systems prior to placing them in a production environment. malicious codes mitigation physical access control policy and procedures on user enrollment, change and termination procedures 8

9 security methods and controls that need implementation processes to identify, monitor and address training needs →Technical training →Security awareness training →Compliance training →Audit training testing plan that identifies control objectives. →audit →security assessments →vulnerability scans →penetration tests. 9

10 Inter-agency guidelines and compliance ■categorization of information to be protected ■Refining of controls using a risk assessment procedure. ■documentation of controls in the system security plan ■Access the effectiveness of the controls once they have been implemented 10

11 interagency guidelines and compliance ■implementation of security controls in appropriate information systems ■authorization of the information systems of processing and monitoring of the security controls on a continuous basis ■Provision of minimum baseline controls standards ■determination of agency level risk to the mission or business case 11

12 references Gross, H. (1964). Privacy - its legal protection. New York, N.Y: Dobbs Ferry - Oceana Publications. Bygrave, L. A. (2002). Data protection law: Approaching its rationale, logic and limits. The Hague [u.a.: Kluwer Law International. Brotby, W. K. (2009). Information security governance: A practical development and implementation approach. Hoboken, N.J: John Wiley & Sons. Von, S. S. H., & Von, S. R. (2009). Information security governance. New York: Springer. Meyler, K. (2013). System Center 2012 Configuration Manager unleashed. Indianapolis, Ind: Sams. Posthumus, S. M. (2006). Corporate information risk: An information security governance framework 12

Download ppt "INFORMATION SECURITY REGULATION COMPLIANCE By Insert name dd/mm/yyyy senior leadership training on the primary regulatory requirements,"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
EMS Checklist (ISO model)

EMS Checklist (ISO model)
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.

Security Vulnerabilities and Conflicts of Interest in the Provider-Clearinghouse*-Payer Model Andy Podgurski and Bret Kiraly EECS Department & Sharona.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
The Regulation Zoo: Dealing With Compliance Within The Firewall World

The Regulation Zoo: Dealing With Compliance Within The Firewall World
Recent IT Security Breaches & How Organizations Prepare Evan McGrath Spohn Consulting May 23, 2015.

Recent IT Security Breaches & How Organizations Prepare Evan McGrath Spohn Consulting May 23, 2015.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.

NLRB: Information Security & FISMA Daniel Wood, Chief IT Security February 19, 2004.
Information Security Policies and Standards

Information Security Policies and Standards
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)

Similar presentations

Ads by Google