Criado por jnkdmls
quase 9 anos atrás
|
||
Points of Vulnerability
Wireless Challenges
Intrusions
Japan - PIP
(Personal Information Protection Act)
Effective:
May 2003
Compliance:
May 2005
Canada - PIPEDA
(Personal Information Protection & Electronic Document Act)
Effective:
April 2000
Compliance:
January 2004
10 FIPs
(Fair Information Principles)
Australia - FPA
(Federal Privacy Act)
Effective:
December 2001
11 IPPs
(Information Privacy Principles)
10 NPPs
(National Privacy Principles)
European Union - DPD
(Data Protection Directive)
Effective:
October 1995
United Kingdom
The Turnbull Guidance
(Internal Control: Guidance for Directors on the Combined Code)
Effective:
December 2000
United Kingdom - DPA
(Data Protection Act)
Effective:
1998
United Kingdom F of IA
(Freedom of Information Act)
Compliance:
January 2005
United States - GLB Act
(Gramm-Leach-Bliley Act)
Effective:
November 1999
United States - 21 CFR Part 11
(Title 21 of the
US Code of Federal Regulations
Part 11)
Published:
August 2003
NERC's - CSS
North American Electric Reliability Council
Cyber Security Standards
Critical Infrastructure Protection (CIP)
Deter and Detect Attacks
SOX Penalties
(for knowingly signing
a false financial report)
SOX Titles and Sections
Title I
Title II
Title III
Title IV
Title V
Title VI
Title VII
Title VIII
Title IX
Title X
Title XI
Section 302
Section 404
Section 409
Public Company Accounting
Oversight Board
(PCAOB)
The Securities and Exchange Commission (SEC)
COSO
5 Aspects of effective internal controls
Complementary to COSO
COBIT
5 Domains
COBIT
(1)
Align, Plan, & Organize
(APO)
COBIT
(2)
Build, Acquire, & Implement
(BAI)
COBIT
(3)
Deliver, Service, & Support
(DSS)
COBIT
(4)
Monitor, Evaluate, & Assess
(MEA)
COBIT
(5)
Evaluate, Direct, & Monitor
(EDM)
COBIT Security Objectives
37 Steps
Payment Card Industry (PCI)
Data Security Standard (DSS)
PCI Penalties
12 PCI DSS Requirements
6 Control Objectives
(1)
Build & Maintain a Secure Network
(2)
Protect Cardholder Data
(3)
Maintain a Vulnerability Mgmt Program
(4)
Implement Strong Access Control Measures
(5)
Regularly Monitor & test Networks
(6)
Maintain an Information Security Policy
PCI Next Steps
HITECH Meaningful Use
(Health Information Technology for Economic and Clinical Health)
Effective:
February 17, 2009
Meaningful Penalties
HIPAA Mandate
164.308(a)(1)(ii)(A)
HIPAA Audit Evidence
Personal Identifiable Information
(PII)