
and monitored.
• Security systems and processes must be regularly tested.
• A policy must be maintained that addresses information security.

PCI DSS is a private-sector industry initiative. It is not a law. Noncompliance or violations of the PCI DSS may result in financial penalties or possible revocation of merchant status within the credit card industry, but not jail time. However, Minnesota became the first state to mandate PCI compliance as a law, and other states, as well as the United States federal government, are implementing similar measures.

NOTE As mentioned before, privacy is being dealt with through laws, regulations, self-regulations, and individual protection. PCI is an example of a self-regulation approach. It is not a regulation that came down from the government and that is being governed by a government agency. It is an attempt by the credit card companies to reduce fraud and govern themselves so the government does not have to get involved.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

The Computer Security Act of 1987

The Computer Security Act of 1987 requires U.S. federal agencies to identify computer systems that contain sensitive information. The agency must develop a security policy and plan for each of these systems and conduct periodic training for individuals who operate, manage, or use these systems. Federal agency employees must be provided with security-awareness training and be informed of how the agency defines acceptable computer use and practices. Because the U.S. federal government deals with a lot of important, confidential, and secret information, it wants to make sure all individuals and systems within all federal government agencies meet a certain level of awareness and protection.

The Economic Espionage Act of 1996

Prior to 1996, industry and corporate espionage was taking place with no real guidelines for who could properly investigate the events....

This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
