Welcome to Scribd!

Chapter03-Maintaining Compliance

Uploaded by

0% found this document useful (0 votes)

10 views13 pages

The document discusses maintaining compliance. It defines compliance and lists several US laws related to compliance such as FISMA, HIPAA, GLBA, SOX, FERPA, and CIPA. It also outlines relevant regulations like the SEC, FDIC, DHS, FTC, state AGs, and US AG. The document recommends organizational policies for compliance including fiduciary responsibility, mandatory vacations, job rotation, separation of duties, and acceptable use. It concludes by listing several standards and guidelines for compliance including PCI DSS, NIST, GAISP, COBIT, ISO, IEC, ITIL, CMMI, and DIACAP.

Original Description:

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

10 views13 pages

Chapter03-Maintaining Compliance

Uploaded by

MHuy

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 13

Search inside document

Maintaining Compliance

Objectives

• What compliance is
• What US-based laws related to compliance exist
• What some relevant regulations related to compliance are
• What organizational policies for compliance should be
considered
• What standards and guidelines for compliance exist

http://fpt.edu.vn 16/05/2019 2
Compliance

• Companies affected by the laws are expected to comply with

the laws
– commonly referred to as compliance
• To ensure the companies remain in compliance with
relevant laws and regulations
– internal audits
– external audits

http://fpt.edu.vn 16/05/2019 3
US-based Laws

• Federal Information Security Management Act (FISMA)

2002
• Health Insurance Portability and Accountability Act (HIPAA)
1996
• Gramm-Leach-Bliley Act (GLBA) 1999

http://fpt.edu.vn 16/05/2019 4
US-based Laws (cont.)

• Sarbanes-Oxley Act (SOX) 2002

• Family Educational Rights and Privacy Act (FERPA) 1974
• Children’s Internet Protection Act (CIPA) 2000

http://fpt.edu.vn 16/05/2019 5
Regulations Related to Compliance

• Securities and Exchange Commission (SEC)

• Federal Deposit Insurance Corporation (FDIC)
• Department of Homeland Security (DHS)

http://fpt.edu.vn 16/05/2019 6
Regulations Related to Compliance (cont.)

• Federal Trade Commission (FTC)

• State Attorney General (AG)
• U.S. Attorney General (U.S. AG)

http://fpt.edu.vn 16/05/2019 7
Organizational Policies for Compliance

• Fiduciary responsibility (important)

• Mandatory vacations
• Job rotation
• Separation of duties
• Acceptable use

http://fpt.edu.vn 16/05/2019 8
Standards and Guidelines for Compliance

• Payment Card Industry Data Security Standard (PCI DSS)

• National Institute of Standards and Technology (NIST)
• Generally Accepted Information Security Principles (GAISP)

http://fpt.edu.vn 16/05/2019 9
Standards and Guidelines for Compliance (cont.)

• Control Objectives for Information and related Technology

(COBIT)
• International Organization for Standardization (ISO)
• International Electrotechnical Commission (IEC)

http://fpt.edu.vn 16/05/2019 10
Basic COBIT Principle

http://fpt.edu.vn 16/05/2019 11
Standards and Guidelines for Compliance (cont.)

• Information Technology Infrastructure Library (ITIL)

• Capability Maturity Model Integration (CMMI)
• Department of Defense (DoD) Information Assurance
Certification and Accreditation Process (DIACAP)

http://fpt.edu.vn 16/05/2019 12
ITIL Life Cycle

http://fpt.edu.vn 16/05/2019 13

Freedom of Information: Working Towards Compliance
From Everand
Freedom of Information: Working Towards Compliance
Liz Taylor
No ratings yet
Lect 03
Document14 pages
Lect 03
Nguyen Quoc Khai
No ratings yet
Hush SEO: Rising Through Ranks Amidst Privacy Laws
From Everand
Hush SEO: Rising Through Ranks Amidst Privacy Laws
Design Moves Marketing Studio
No ratings yet
IAPP Foundation Free Study Guide
Document13 pages
IAPP Foundation Free Study Guide
Renato Leite Monteiro
33% (3)
Cippe FSG November 2018 v1
Document14 pages
Cippe FSG November 2018 v1
abdulkadir mukaila
No ratings yet
Cippe FSG November 2018 v1
Document14 pages
Cippe FSG November 2018 v1
shrijit_s
No ratings yet
ACAMS Investigations Course Syllabus PDF
Document4 pages
ACAMS Investigations Course Syllabus PDF
RRT6068
No ratings yet
Cippe FSG 3.15.16
Document14 pages
Cippe FSG 3.15.16
Teo
67% (3)
Why We Did The Audit: Independent Evaluation of The FDIC's Information Security Program-2010
Document2 pages
Why We Did The Audit: Independent Evaluation of The FDIC's Information Security Program-2010
Tariqul Islam
No ratings yet
5 - ValorUsoStandares PDF
Document5 pages
5 - ValorUsoStandares PDF
elarmeniok
No ratings yet
Cippe FSG November 2018 v1
Document14 pages
Cippe FSG November 2018 v1
Bilge Guney
No ratings yet
Cloud Computing Primer
Document19 pages
Cloud Computing Primer
coachhand
No ratings yet
Week 6 Session1
Document57 pages
Week 6 Session1
amna zia
No ratings yet
Cyber Security Requirements For Institutions of Higher Education
Document34 pages
Cyber Security Requirements For Institutions of Higher Education
Asad Ullah
No ratings yet
Cippe FSG November 2018 v1
Document14 pages
Cippe FSG November 2018 v1
software manager
No ratings yet
IAPP Foundation Free Study Guide 2013
Document13 pages
IAPP Foundation Free Study Guide 2013
trap8ze
No ratings yet
Executive Office of The President Executive Office of The President
Document13 pages
Executive Office of The President Executive Office of The President
charlenezechender
No ratings yet
Laudon Mis16 PPT Ch04 KL CE
Document38 pages
Laudon Mis16 PPT Ch04 KL CE
Younglife Bangladesh
No ratings yet
Information Management Toolkit For Schools: Elizabeth - Barber@kent - Gov.uk
Document44 pages
Information Management Toolkit For Schools: Elizabeth - Barber@kent - Gov.uk
Vincent John Rigor
No ratings yet
Compliance Policy - ISP-S3 - V11
Document3 pages
Compliance Policy - ISP-S3 - V11
Henrique Guapo
No ratings yet
FI Health Regulatory Balaji Gopalan 20240407
Document12 pages
FI Health Regulatory Balaji Gopalan 20240407
Dominique Kim
No ratings yet
Week 3
Document15 pages
Week 3
Vanessa Puvimannasinghe
No ratings yet
Laudon Mis17 PPT ch04
Document38 pages
Laudon Mis17 PPT ch04
Samar sarahna
No ratings yet
2019 04 24 Gowling International Data Protection
Document45 pages
2019 04 24 Gowling International Data Protection
robin mehra
No ratings yet
Ethics and Privacy
Document22 pages
Ethics and Privacy
Mahmoud Nabil Al Hadad
No ratings yet
IAPP CERT Updates 091222
Document1 page
IAPP CERT Updates 091222
blackdogpk
No ratings yet
m1020012 Incits Ov Kate
Document44 pages
m1020012 Incits Ov Kate
Aditya Pratap Singh
No ratings yet
US Department of Commerce - Commerce Data Ethics Framework (2022)
Document9 pages
US Department of Commerce - Commerce Data Ethics Framework (2022)
mersenne2
No ratings yet
Tutorial Questions Chap 4
Document8 pages
Tutorial Questions Chap 4
Jane Susan Thomas
No ratings yet
Laudon Mis16 PPT ch04
Document38 pages
Laudon Mis16 PPT ch04
Vita Vitrianingrum
No ratings yet
GDPR For The Oracle DBA
Document34 pages
GDPR For The Oracle DBA
Abraham Dev Prasad
No ratings yet
Podcast Topics
Document1 page
Podcast Topics
swastik grover
No ratings yet
Ispp 24 Web Privacy Notices
Document4 pages
Ispp 24 Web Privacy Notices
balamurali_a
No ratings yet
Environmental Regulations - Practical Steps For Compliance (2009)
Document15 pages
Environmental Regulations - Practical Steps For Compliance (2009)
Nigel John Burtt
No ratings yet
AC 2019 - Preparation Guidelines PDF
Document11 pages
AC 2019 - Preparation Guidelines PDF
Lavenia Buce
No ratings yet
7.22.16 Presentation Slides
Document30 pages
7.22.16 Presentation Slides
buckybad2
No ratings yet
Sixteenth Edition - Global Edition: Ethical and Social Issues in Information Systems
Document33 pages
Sixteenth Edition - Global Edition: Ethical and Social Issues in Information Systems
aadhya gupta
No ratings yet
Ifrs in The United States
Document11 pages
Ifrs in The United States
Ali salameh
No ratings yet
Chapter 14
Document14 pages
Chapter 14
Tuyền Bích
No ratings yet
Information Security Plan Gramm Leach Bliley Compliance HIPAA Compliance PCI Compliance
Document6 pages
Information Security Plan Gramm Leach Bliley Compliance HIPAA Compliance PCI Compliance
Amir Diaa
No ratings yet
CDISC Italian User Network 2019: Milan, Italy - 22 February 2019
Document15 pages
CDISC Italian User Network 2019: Milan, Italy - 22 February 2019
egizio60
No ratings yet
Data Protection 4pm Tuesday 28 February: For The Education Sector
Document18 pages
Data Protection 4pm Tuesday 28 February: For The Education Sector
Amit
No ratings yet
Laws
Document44 pages
Laws
DAVID JOSUE TEJADA CALDERON
No ratings yet
E33 Data Protection Policy
Document3 pages
E33 Data Protection Policy
mirfieldfree
No ratings yet
Ethics in Information Technology, Fourth Edition: Privacy
Document42 pages
Ethics in Information Technology, Fourth Edition: Privacy
John Carlo Lalap
100% (1)
17.the Cost of Reading Privacy Policies
Document27 pages
17.the Cost of Reading Privacy Policies
Blayel Feliht
No ratings yet
Outline
Document4 pages
Outline
Guillen S. Dela Cruz
No ratings yet
ASCIP Data Privacy Procedures Version As of 5 04 2016
Document20 pages
ASCIP Data Privacy Procedures Version As of 5 04 2016
Juliet Autriz Faylogna
No ratings yet
Mapas Cluster
Document19 pages
Mapas Cluster
Alex Saavedra Fernández
No ratings yet
ICO Presentation - David Evans
Document21 pages
ICO Presentation - David Evans
AsemAlsofiany
No ratings yet
Legal, Ethical & Professional Issues in Information Security
Document33 pages
Legal, Ethical & Professional Issues in Information Security
Em Tadeo
No ratings yet
An Examination of Privacy Policies of Global University Web Sites
Document7 pages
An Examination of Privacy Policies of Global University Web Sites
Managing Editor Journal of Computing
No ratings yet
Ethical Issues
Document18 pages
Ethical Issues
eftychidis
No ratings yet
GDPR Project Plan
Document15 pages
GDPR Project Plan
Mav Dil
100% (1)
Bits - CM-HHSM ZC471 Management Information Systems
Document40 pages
Bits - CM-HHSM ZC471 Management Information Systems
rajpd28
No ratings yet
Thesis Outsourcing.
Document41 pages
Thesis Outsourcing.
jennylynsuarez08
100% (1)
KMIS 2018 Accomplishments (Summary)
Document2 pages
KMIS 2018 Accomplishments (Summary)
Airiz Casta
No ratings yet
Administrative Policy Handbook
Document5 pages
Administrative Policy Handbook
chellis4899
No ratings yet
Keeping Information Safe: Privacy and Security Issues: Intellectual Property Society
Document15 pages
Keeping Information Safe: Privacy and Security Issues: Intellectual Property Society
ipspat
No ratings yet
Chapter 4
Document42 pages
Chapter 4
dr.soufy.sy
No ratings yet
Digital Forensics and Networking
Document29 pages
Digital Forensics and Networking
MHuy
No ratings yet
Mobile Device Forensics - Part 2
Document27 pages
Mobile Device Forensics - Part 2
MHuy
No ratings yet
Mobile Device Forensics - Part 1
Document38 pages
Mobile Device Forensics - Part 1
MHuy
No ratings yet
Lect 10
Document36 pages
Lect 10
MHuy
No ratings yet
Lect 09
Document38 pages
Lect 09
MHuy
No ratings yet
Chapter02-Managing Risk-Threats, Vulnerabilities, and Exploits
Document12 pages
Chapter02-Managing Risk-Threats, Vulnerabilities, and Exploits
MHuy
No ratings yet
Chapter04-Developing A Risk Management Plan
Document14 pages
Chapter04-Developing A Risk Management Plan
MHuy
No ratings yet
Labs and Tools
Document49 pages
Labs and Tools
MHuy
No ratings yet
Lab-Project 7: Thumbnail Cache: What You Need For This Project
Document5 pages
Lab-Project 7: Thumbnail Cache: What You Need For This Project
MHuy
No ratings yet
1900 - John Burnet - The Ethics of Aristotle
Document593 pages
1900 - John Burnet - The Ethics of Aristotle
Roberto
No ratings yet
Leadership Theories, Styles and Skills
Document9 pages
Leadership Theories, Styles and Skills
Charles Sauer
0% (1)
Entropy-Conversation Demolitions v1
Document92 pages
Entropy-Conversation Demolitions v1
Charles Johnson
No ratings yet
Baricitinib
Document4 pages
Baricitinib
fitrirahmariani
No ratings yet
Fuel Consumption Parameters
Document8 pages
Fuel Consumption Parameters
danutspataru
No ratings yet
Csec Poa June 2015 p2
Document33 pages
Csec Poa June 2015 p2
goseinvarun
No ratings yet
GEA31885 TM2500 Brochure
Document8 pages
GEA31885 TM2500 Brochure
ryan23
No ratings yet
B2 Progress Test
Document3 pages
B2 Progress Test
Denisa Neagoe
No ratings yet
Ac 518 Budget Form
Document1 page
Ac 518 Budget Form
Jairus Adrian Vilbar
No ratings yet
Dynaudio Professional Air Manual English
Document129 pages
Dynaudio Professional Air Manual English
Eren Alemdar
No ratings yet
Milestone - Applied Statistics
Document2 pages
Milestone - Applied Statistics
Sachin Bhardwaj
No ratings yet
(Amaleaks - Blogspot.com) Programming (Prog-111) - Grade 11 Week 1-9
Document88 pages
(Amaleaks - Blogspot.com) Programming (Prog-111) - Grade 11 Week 1-9
john
No ratings yet
Marathon TX 1
Document12 pages
Marathon TX 1
alexandruyo
No ratings yet
Guide Top Solid'Quote 2011 Us
Document28 pages
Guide Top Solid'Quote 2011 Us
Kim
No ratings yet
Media and Information Literacy (Mil)
Document35 pages
Media and Information Literacy (Mil)
KENJI LLORANDO
No ratings yet
Batch Adsorption Process of Metals and Anions For Remediation of
Document331 pages
Batch Adsorption Process of Metals and Anions For Remediation of
Cesar Orlando Villalobos Hipolito
No ratings yet
Pre Requisite Programs Main Presentation
Document19 pages
Pre Requisite Programs Main Presentation
ASIF EJAZ
No ratings yet
Personal Business Loan Agreement PDF
Document16 pages
Personal Business Loan Agreement PDF
Vijay V Rao
No ratings yet
Nokia's Failure
Document11 pages
Nokia's Failure
Rohith Thampi
No ratings yet
Dwnload Full Abnormal Child Psychology 7th Edition Mash Test Bank PDF
Document35 pages
Dwnload Full Abnormal Child Psychology 7th Edition Mash Test Bank PDF
threnodyvoxlkio
100% (16)
2018-19 Busi 1360 Module Guide - See Page 33
Document49 pages
2018-19 Busi 1360 Module Guide - See Page 33
davie
No ratings yet
Wauu (MKW) - Rendani
Document3 pages
Wauu (MKW) - Rendani
Abang Fayyad
No ratings yet
Problem 1.6
Document1 page
Problem 1.6
Samer
No ratings yet
CSWIP Welding Inspection Notes and Questions
Document132 pages
CSWIP Welding Inspection Notes and Questions
fahreez
No ratings yet
FA2 Syllabus and Study Guide 2021-22
Document11 pages
FA2 Syllabus and Study Guide 2021-22
Aleena Muhammad
No ratings yet
Customer Relationship Management and Customer Experience
Document43 pages
Customer Relationship Management and Customer Experience
Yusrah Jber
No ratings yet
10.0 Troubleshooting Gas Dehydration Operational Problems: F P C C A
Document7 pages
10.0 Troubleshooting Gas Dehydration Operational Problems: F P C C A
Hiep Le
No ratings yet
BC A Syl Lab Us and Curriculum
Document47 pages
BC A Syl Lab Us and Curriculum
Ritik kumar
No ratings yet
R43-En - 03-04-2017 - Seria 01
Document200 pages
R43-En - 03-04-2017 - Seria 01
Justyna Maciejak
No ratings yet
Filter Command Unix
Document13 pages
Filter Command Unix
Amit Patel
No ratings yet