
Week 1 Assignment

American Military University

ISSC471, IT Security: Auditing

Naeem Musa

10 October 2021

This study source was downloaded by 100000865292613 from CourseHero.com on 05-04-2023 00:25:54 GMT -05:00

https://www.coursehero.com/file/136429726/Assignment-1docx/
REGULATORY REQUIREMENTS

Public vs Private Sector

When comparing the public and private sectors, it is important to note that all regulatory questions should be consulted on or discussed with a legal professional. IT departments are comprised of IT professionals, whose expertise is in IT and not in law (Weiss, Chapter 2 Overview of U.S. Compliance Laws, Jones & Bartlett Learning). There are many things to consider when discussing regulatory requirements, as there are state, federal, and worldwide regulations and compliance methodologies. While many of these overlap, it is important to identify some of the specifics that apply to the public or the private sector. Let's look at some of those that fall under each sector.

Public Sector

• Children's Internet Protection Act (CIPA): Organizations that use the E-Rate program, such as public libraries and schools, are required to follow CIPA. CIPA is intended to ensure children can't access inappropriate and harmful material on the internet (Children's Internet Protection Act (CIPA), 2020).

Private Sector

• Sarbanes-Oxley Act (SOX): Consists of 11 titles that were intended to protect investors from fraud.

• Gramm-Leach-Bliley Act: Requires financial institutions such as banks to disclose their information-sharing practices in detail, as well as to protect customer PII.

Public and Private Sector

• Health Insurance Portability and Accountability Act (HIPAA): HIPAA was established to protect PHI and prevent its over-sharing.


• Family Educational Rights and Privacy Act (FERPA): FERPA grants parents or parental custodians the right of access to student education records.

• Payment Card Industry Data Security Standard (PCI DSS): PCI DSS provides guidance regarding storing, processing, and transmitting card payment data.

• Federal Information Security Management Act (FISMA): Provides regulatory guidance that isn't and can't be covered by the National Institute of Standards and Technology (NIST). It was created to require federal agencies to develop, document, and implement IT security and protection programs (What is FISMA Compliance? Regulations and Requirements | Varonis, 2020).

Conclusion

In this paper we have offered up many different regulatory requirements based on whether they fall under the public or private sector and, in some cases, it could be argued that they fall into both. This only scratches the surface, as there are many regulations that fall under each of these acts. It is critical to ensure that both IT and legal professionals have open lines of communication so that organizations remain in compliance and avoid penalties and hefty fines.


References:

Children's Internet Protection Act (CIPA). (2020, April 28). Retrieved from https://www.fcc.gov/consumers/guides/childrens-internet-protection-act

Weiss. Chapter 2 Overview of U.S. Compliance Laws. Jones & Bartlett Learning. Retrieved from https://learning-oreilly-com.ezproxy1.apus.edu/library/view/auditing-it-infrastructures/9781284090703/xhtml/10_Chapter02.xhtml#ch2-1

What is FISMA Compliance? Regulations and Requirements | Varonis. (2020, March 29). Retrieved from https://www.varonis.com/blog/fisma-compliance
