  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 254

Regulations for my organization

I have been at this job now for about a year. It's been a very crazy year. The guy before me left the network a mess. It was common for DNS issues, the phone systems and other things to go down on a weekly basis. After getting the network stable and finally just rebuilding and upgrading the whole thing to Windows 2003 and upgrading all the desktops to XP, I am now wondering what my 501c nonprofit organization that provides loans (so I'm guessing we're a financial institution) would fall under. I would like to know so that I can begin to work towards making sure we are following all regulations for our industry. Where can I find information about this, or where can I go to find out what we should be following?
Asked by: daviddvg1
1 Solution
 
daviddvg1 (Author) Commented:
Thanks. I know my accounting department is following this, but I've heard one of the VPs say that since we're 501c we don't need to. What must I do from an IT Dept point of view? Should I be archiving all email? Should my servers be in lockdown 24/7? I have a door w/ a lock on it to the servers, but no one knows where the keys may be.
 
tillisonc Commented:
As a good practice from a security standpoint, I would recommend reviewing the SOX and other applicable regulations as they will help protect the organization from harm.  Most of these are guides to assist with best practice methods.

I would suggest that you contact SOX or someone outside of the organization and verify if they agree that you do or do not fall under this regulation because the organization is a 501c and that you do not have to follow the SOX regulations. I would actually be somewhat surprised that you would not have to follow them because you are handling financial information.

In order to best protect the IT staff, I would also suggest, besides SOX, reviewing the NIST guidelines to help better protect your systems and ultimately yourselves.

http://csrc.nist.gov/publications/nistpubs/

If one were to follow the baseline for best router configuration practice, firewall, server, etc., this can only better prepare an organization for attacks in the future. I have worked with one 501c and secured their network. I believe because they were a 501 organization, that is why we saw a high volume of illegitimate traffic.