Information Security Laws and Standards

Information Security Laws and Standards – law function as a system of rules and guidelines enforced by a particular country or community to govern behavior. A standard is a document established by consenus and approved by a recognized body that provides, for common and repeated use, rules, guidelines or characteristics for activities or thier results, aimed at the achievement of the optimum degree of order in a given context. This section deals with various laws and standards pertaining to information security in different countries.

Information Security Laws and Standards

Payment Card Industry Data Security Standard (PCI DSS)

Source : https://www.pcisecuritystandards.org

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary Information security standard for organization that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards.

PCI DSS applies to all entities involved in payment card processing including mercharnts, processors, acquires, issurs and service providers, as well as other entities that store, process or transmit cardholder data.

High Level overview of the PCI DSS requirements developed and maintained by Payment Card Industry (PCI) security standards council.

Information Security Laws and Standards

ISO/IEC 27001:2013

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information on security management system within the context of the organization.

It is intended to be suitable for several different types of use, including the following:

  1. Use within organizations to formulate security requirements and objectives.
  2. Use within organization as a way to ensure that security risks are cost effectively managed.
  3. Use within organizations to ensure compliance with laws and regulations.
  4. Definition of new information security management processes.
  5. Identification and clarification of existing information security management processes.
  6. Use by the management of organizations to determine the status of information security management activities.
  7. Implementation of business-enabling information security.
  8. Use by organizations to provide relevant information about information security to customers.

Information Security Laws and Standards

Health Insurance Portability and Accountability Act (HIPAA)

Source : https://www.hhs.gov

The HIPAA Privacy Rule provides federal protections for indiviually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. At the same time, the privacy rule permits the disclosure of health information needed fro patient care and other important purposes.

The Office of civil rights implemented HIPAA’s administrative simplification statute and rules, as discussed below:

Electronic Transaction and Code Sets Standards

Requires every provider who does business electronically to use the same healthcare transactions, code sets, and identifiers.

Privacy Rule

Provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.

Security Rule

Specifies a series of admistrative, physical and technical safeguards for covered entities to use to assure the confidentiality, integrity and availability of electronic protected health information.

National Identifier Requirements

Requres that health care providers, health plans and employers have standard national numbers that identfy them on standard tranctions.

Enforcement Rule

Provides standards for enforcing all the Administration Simplication Rules.

The Digital Millennium Copyright Act (DMCA)

The DMCA is a United States of America’s copyright law that implemts two 1996 traties of the World Intellectual Property Organization (WIPO).

It defines legal prohibitions against cirumvention of technologies protection measures employed by copyright owners to protect thier works, and against the removal or alteration of copyright management information.

Federal Information Security Management Act (FISMA)

The FISMA provides a comprehensive framework for ensuring the effeciveness of information security controls over information resources that support federal operations and assets.

The FISMA framework includes:

  • Standards for categorizing information and information systems by mission impact.
  • Standards for minimum security requirements for information and information systems.
  • Guidance for selecting appropritate security controls for information systems.
  • Guidance for assessing security controls in information systems and determining security control effectiveness.
  • Guidance for the security authorization of information systems.

If You Like This Post Please Comment Down For More Hacking Post Click Here

Related posts

Leave a Comment