[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

IT Resources for Regulatory/Legal Requirements

Posted on 2013-12-02
3
Medium Priority
?
434 Views
Last Modified: 2014-03-03
Apologies if this is not appropriate , but need some advice/recommendations on possible sources/websites to review/monitor possible regulatory/legal issue and or requirements for Information Security/IT Managment
0
Comment
Question by:schuitkds
3 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 39691758
Anything you get online is going to be half-baked at best.  Contact an attorney for your state/country.  Regulatory and legal advice offered here will most certainly not be considered a valid defense if you do something you shouldn't have.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39692205
You can find what you need online, but you need to know the industry, the locality and have a good idea about security before hand. If your company/Client is in the Health Care business, they are subject to HIPAA. If you're company/client is publicly traded in the US, they are bound by SOX, if your company/client does credit card processing or the storing of CC info then PCI-DSS needs to be looked into (worldwide). Then there are breach reporting laws like those in California and other states.
That last link is helpful for some US State laws.
http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
Wikipedia has a good entry for Personally Identifiable Information: http://en.wikipedia.org/wiki/Personally_identifiable_information#United_States_of_America
-rich
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39692371
This link has good summary and can differs from country, it does set some good fundamental ground of understanding as other take references and learn from it as well.

1) Broadly applicable laws and regulations includes:
Sarbanes-Oxley Act (SOX);
Payment Card Industry Data Security Standard (PCI DSS);
Gramm-Leach-Bliley Act (GLB) Act;
Electronic Fund Transfer Act, Regulation E (EFTA);
Customs-Trade Partnership Against Terrorism (C-TPAT);
Free and Secure Trade Program (FAST);
Children's Online Privacy Protection Act (COPPA);
Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule;
Federal Rules of Civil Procedure (FRCP)

2) Industry-specific guidelines and requirements includes:
Federal Information Security Management Act (FISMA);
North American Electric Reliability Corp. (NERC) standards;
Title 21 of the Code of Federal Regulations (21 CFR Part 11) Electronic Records;
Health Insurance Portability and Accountability Act (HIPAA);
The Health Information Technology for Economic and Clinical Health Act (HITECH);
Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule);
H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation

3) Key state laws includes:
Massachusetts 201 CMR 17 (aka Mass Data Protection Law);
Nevada Personal Information Data Privacy Encryption Law NRS 603A

4) International laws includes:
Personal Information Protection and Electronic Documents Act (PIPED Act, or PIPEDA)—Canada;
Law on the Protection of Personal Data Held by Private Parties—Mexico;
European Union Data Protection Directive; Safe Harbor Act

I do also see  ISO 27001 standard itself "provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)". It is widely adopted globally as baseline standard as well as COBIT (from ISACA) on Framework for IT Governance and Control

http://www.27000.org/iso-27001.htm
http://www.isaca.org/knowledge-center/cobit/Pages/Overview.aspx
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses
Course of the Month19 days, 23 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question