Regulations for my organization

I have been at this job now for about a year. It's been a very crazy year. The guy before me left the network a mess. It was common for DNS issues, the phone systems and other things to go down on a weekly basis. After getting the network stable and finally just rebuilding and upgrading the whole thing to Windows 2003 and upgrading all the desktops to XP, I am now wondering what my 501c nonprofit organization that provides loans (so I'm guessing we're a financial institution) would fall under. I would like to know so that I can begin to work towards making sure we are following all regulations for our industry. Where can I find information about this, or where can I go to find out what we should be following?
daviddvg1 Asked:
daviddvg1 (Author) Commented:
Thanks. I know my accounting department is following this, but I've heard one of the VPs say that since we're 501c we don't need to. What must I do from an IT Dept point of view? Should I be archiving all email? Should my servers be in lockdown 24/7? I have a door with a lock on it to the servers, but no one knows where the keys may be.
tillisonc Commented:
As a good practice from a security standpoint, I would recommend reviewing SOX and other applicable regulations, as they will help protect the organization from harm. Most of these are guides to assist with best-practice methods.

I would suggest that you contact SOX or someone outside of the organization and verify whether they agree that you do or do not fall under this regulation because the organization is a 501c and that you do not have to follow the SOX regulations. I would actually be somewhat surprised that you would not have to follow them, because you are handling financial information.

In order to best protect the IT staff, I would also suggest that, besides SOX, you review the NIST guidelines to help better protect your systems and ultimately yourselves.

http://csrc.nist.gov/publications/nistpubs/

If one were to follow the baseline best practices for router configuration, firewalls, servers, etc., this can only better prepare an organization for attacks in the future. I have worked with one 501c and secured their network. I believe that because they were a 501 organization is why we saw a high volume of illegitimate traffic.
