Solved

IT Resources for Regulatory/Legal Requirements

Posted on 2013-12-02
3
415 Views
Last Modified: 2014-03-03
Apologies if this is not appropriate , but need some advice/recommendations on possible sources/websites to review/monitor possible regulatory/legal issue and or requirements for Information Security/IT Managment
0
Comment
Question by:schuitkds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39691758
Anything you get online is going to be half-baked at best.  Contact an attorney for your state/country.  Regulatory and legal advice offered here will most certainly not be considered a valid defense if you do something you shouldn't have.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39692205
You can find what you need online, but you need to know the industry, the locality and have a good idea about security before hand. If your company/Client is in the Health Care business, they are subject to HIPAA. If you're company/client is publicly traded in the US, they are bound by SOX, if your company/client does credit card processing or the storing of CC info then PCI-DSS needs to be looked into (worldwide). Then there are breach reporting laws like those in California and other states.
That last link is helpful for some US State laws.
http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
Wikipedia has a good entry for Personally Identifiable Information: http://en.wikipedia.org/wiki/Personally_identifiable_information#United_States_of_America
-rich
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39692371
This link has good summary and can differs from country, it does set some good fundamental ground of understanding as other take references and learn from it as well.

1) Broadly applicable laws and regulations includes:
Sarbanes-Oxley Act (SOX);
Payment Card Industry Data Security Standard (PCI DSS);
Gramm-Leach-Bliley Act (GLB) Act;
Electronic Fund Transfer Act, Regulation E (EFTA);
Customs-Trade Partnership Against Terrorism (C-TPAT);
Free and Secure Trade Program (FAST);
Children's Online Privacy Protection Act (COPPA);
Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule;
Federal Rules of Civil Procedure (FRCP)

2) Industry-specific guidelines and requirements includes:
Federal Information Security Management Act (FISMA);
North American Electric Reliability Corp. (NERC) standards;
Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records;
Health Insurance Portability and Accountability Act (HIPAA);
The Health Information Technology for Economic and Clinical Health Act (HITECH);
Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule);
H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation

3) Key state laws includes:
Massachusetts 201 CMR 17 (aka Mass Data Protection Law);
Nevada Personal Information Data Privacy Encryption Law NRS 603A

4) International laws includes:
Personal Information Protection and Electronic Documents Act (PIPED Act, or PIPEDA)—Canada;
Law on the Protection of Personal Data Held by Private Parties—Mexico;
European Union Data Protection Directive; Safe Harbor Act

I do also see  ISO 27001 standard itself "provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)". It is widely adopted globally as baseline standard as well as COBIT (from ISACA) on Framework for IT Governance and Control

http://www.27000.org/iso-27001.htm
http://www.isaca.org/knowledge-center/cobit/Pages/Overview.aspx
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question