Complying with regulatory and business security needs:
A pragmatic primer for protecting your most critical assets
by David Johnson.
For most businesses, government agencies, institutions and other organisations, security can at times seem like an overwhelmingly complex challenge. Threats to your data, both real and perceived, loom from all angles. Hacker attacks, disgruntled or dishonest employees, and competitive snooping are just some of the concerns with respect to protecting proprietary information.
Regulatory drivers are mounting, as well, as an ever-growing list of legislation and new acronyms to contend with. In Europe, the EU and individual countries have their own regulations governing the privacy of information including, as examples, the European Community Directives on human rights, electronic commerce, data protection, and privacy and electronic communications and the UK’s Data Protection Act. In the US, HIPAA, GLBA, and “SOX” are just a few to contend with. On a worldwide basis, the Basel II Capital Accord is front of mind for all internationally active banks.
Faced with a long and growing list of international regulations affecting IT security, compliance is viewed as one of the top concerns for many executives. Some of these laws hold organisations accountable for protecting the confidentiality of consumer or patient information. Others require companies to provide detailed and reliable documentation on financial decisions, transactions and risk assessments. And new laws are being passed all the time.
Deciphering the regulatory alphabet soup
Here is a quick primer on some of these regulations and what they mean: