Compliance Management - PowerPoint PPT Presentation
    Presentation Transcript
    1. Compliance Management

    2. Instruction Objectives
    • Understand the role of IT policy
    • Define compliance
    • Identify key security components of IA regulation
    • Explore the impact of standards on policy

    3. Overview
    • The role of policy in Information Assurance
    • Regulatory inputs to organizational policy
    • Standards inputs to organizational policy

    4. Role of Policy
    • Policy – the foundation of Cyber Security

    5. Policy Development
    • Policy is not developed in a vacuum
    • Various influences:
      • Standards, guidelines
      • Law
      • Organizational goals: profit, service, etc.

    6. Law and Regulation
    • Legislative trends
    • Laws impacting IT:
      • HIPAA, GLBA, SOX, FISMA
      • State laws
    • Standards:
      • International
      • National – NIST

    7. Federal Trends
    • As technology solutions expand, regulations will grow to protect citizens

    8. HIPAA
    • Health Insurance Portability and Accountability Act of 1996
    • Mandates the development of a healthcare information exchange standard
    • Requires accountability for the protection of Individually Identifiable Health Information

    9. HIPAA
    • Standards for Electronic Transactions
    • Unique Identifiers Standard
    • Security Rule
    • Privacy Rule

    10. HIPAA
    • §164.308 – Administrative safeguards
      • Security management process: implement policies and procedures to prevent, detect, contain, and correct security violations
        • Risk analysis
        • Risk management
        • Sanction policy
        • Information system activity review
      • Assigned security responsibility
      • Workforce security
      • Information access management
      • Security awareness and training
        • Security reminders
        • Protection from malicious software
        • Log-in monitoring
        • Password management
      • Security incident procedures
      • Contingency plan

    11. Gramm-Leach-Bliley
    • Financial Services Modernization Act of 1999
    • Updates regulation of the financial services industry
    • Title V – Privacy
    • Mandates publication of a privacy policy

    12. Sarbanes-Oxley Act
    • Corporate regulation to ensure accurate publication of financial information
    • Adds a requirement to audit internal controls
    • Internal controls = Information Assurance policies
    • Formal, auditable policies and practices

    13. FISMA
    • Federal Information Security Management Act of 2002
    • Provides a common security framework for all federal agencies
    • Decentralized implementation
    • Generic federal template

    14. Generic Federal Template
    • Mandate electronic interaction
    • Assign information security responsibility
    • Assess information security risks
    • Implement risk-mitigating controls
    • Train personnel
    • Report compliance assessment

    15. State Laws
    • CA 1386 – Mandates disclosure of security breaches
    • Other – identity theft, SSNs, spyware
    • Resource: National Council of State Legislatures (www.ncsl.org)

    16. Standards
    • ISO 17799
      • Security Policy
      • System Access Control
      • Computer and Operations Management
      • System Development and Maintenance
      • Physical and Environmental Security
      • Compliance
      • Personnel Security
      • Security Organization
      • Asset Classification and Control
      • Business Continuity Management

    17. Standards
    • NIST – National Institute of Standards and Technology
    • Publications:
      • ITL Bulletins
      • FIPS publications
      • Special Publications

    18. Standards Sample
    • NERC – North American Electricity Reliability Cooperative
    • Thorough standard for information security policy and compliance
    • Focuses on responsibility and accountability

    19. Standards Sample

    20. Standards Sample

    21. Summary
    • Legislation tends toward accountability and responsibility.
    • Many major industries have been required to formalize information security management.
    • Standards often provide peer accountability.
    • These inputs help drive organizational policy.