Day4 Compliance and Controls.pdf - Controls and Compliance

Controls and Compliance
Thursday, September 29, 2022, 8:37 AM

Important Acts

  Computer Security Act of 1987
    - Reagan; the 100th Congress pushed it through
    - Improved security at the federal level
    - National Bureau of Standards (NBS); NBS later became NIST (National Institute of Standards and Technology)

  General Data Protection Regulation (GDPR)
    - Personal data cannot be collected, processed, or retained without the individual's consent
    - Gives an individual the right to withdraw consent and to inspect or erase data about them
    - Requires notification of a breach within 72 hours

  Sarbanes-Oxley Act (SOX)
    - Storage and retention requirements for anything relating to financial, business, and trading records
    - Storage: keeping the data
    - Retention: how long you keep it and how you keep it

  Gramm-Leach-Bliley Act (GLBA)
    - Requirements to help protect an individual's privacy relating to financial information

  Federal Information Security Act (FISMA)
    - Requirements for federal organizations to adopt specific information assurance controls

  Health Insurance Portability and Accountability Act (HIPAA)
    - Requirements to help protect an individual's private medical information

Types of Sensitive Information

  PII (Personally Identifiable Information)
    - Information that distinguishes or traces an individual's identity
    - Examples: Social Security number, biometrics

  PI (Personal Information)
    - Includes PII, but is broader
    - Includes anything that relates to, describes, or is associated with an individual
    - Examples: photos, beliefs, IP address

  PHI (Protected Health Information)
    - Regulated by HIPAA
    - Medical information identifying an individual

  PCI DSS (Payment Card Industry Data Security Standard)
    - Standards for handling and retention of payment card data
    - An industry standard, not a regulation

Security Controls (NIST 800-53 Rev5)

  3 Categories
    Physical/Technical (What?)
      - CIA
      a. Firewalls, IDS/IPS, Access Control
      b.


Term: Fall
Professor: Alfredo Perez
