Solved

IT Resources for Regulatory/Legal Requirements

Posted on 2013-12-02
402 Views
Last Modified: 2014-03-03
Apologies if this is not appropriate, but I need some advice/recommendations on possible sources/websites to review/monitor possible regulatory/legal issues and/or requirements for Information Security/IT Management.

Question by: schuitkds
3 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39691758
Anything you get online is going to be half-baked at best.  Contact an attorney for your state/country.  Regulatory and legal advice offered here will most certainly not be considered a valid defense if you do something you shouldn't have.

Expert Comment by: Rich Rumble (LVL 38)
ID: 39692205
You can find what you need online, but you need to know the industry, the locality and have a good idea about security beforehand. If your company/client is in the Health Care business, they are subject to HIPAA. If your company/client is publicly traded in the US, they are bound by SOX. If your company/client does credit card processing or the storing of CC info, then PCI-DSS needs to be looked into (worldwide). Then there are breach reporting laws like those in California and other states.
That last link is helpful for some US State laws.
http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
Wikipedia has a good entry for Personally Identifiable Information: http://en.wikipedia.org/wiki/Personally_identifiable_information#United_States_of_America
-rich

Accepted Solution by: btan (LVL 61, earned 500 total points)
ID: 39692371
This link has a good summary. Requirements can differ from country to country, but it does set some good fundamental ground of understanding, as others take references and learn from it as well.

1) Broadly applicable laws and regulations include:
Sarbanes-Oxley Act (SOX);
Payment Card Industry Data Security Standard (PCI DSS);
Gramm-Leach-Bliley Act (GLB) Act;
Electronic Fund Transfer Act, Regulation E (EFTA);
Customs-Trade Partnership Against Terrorism (C-TPAT);
Free and Secure Trade Program (FAST);
Children's Online Privacy Protection Act (COPPA);
Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule;
Federal Rules of Civil Procedure (FRCP)

2) Industry-specific guidelines and requirements include:
Federal Information Security Management Act (FISMA);
North American Electric Reliability Corp. (NERC) standards;
Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records;
Health Insurance Portability and Accountability Act (HIPAA);
The Health Information Technology for Economic and Clinical Health Act (HITECH);
Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule);
H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation

3) Key state laws include:
Massachusetts 201 CMR 17 (aka Mass Data Protection Law);
Nevada Personal Information Data Privacy Encryption Law NRS 603A

4) International laws include:
Personal Information Protection and Electronic Documents Act (PIPED Act, or PIPEDA) - Canada;
Law on the Protection of Personal Data Held by Private Parties - Mexico;
European Union Data Protection Directive; Safe Harbor Act

I do also see that the ISO 27001 standard itself "provides requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)". It is widely adopted globally as a baseline standard, as is COBIT (from ISACA), a framework for IT governance and control.

http://www.27000.org/iso-27001.htm
http://www.isaca.org/knowledge-center/cobit/Pages/Overview.aspx