
Security Contexts Lab2


Submitted By nirvanablitz54
Week 2 Lab

| Compliance Law | Purpose | Requirements |
|---|---|---|
| PCI | To enhance security of credit card data. The key pieces of data that can be stolen are: name, credit card number, expiration date, and security code. | 1. Install and maintain a firewall. 2. Do not use defaults. 3. Protect stored data. 4. Encrypt transmissions. 5. Use and update antivirus software. 6. Develop and maintain secure systems. 7. Restrict access to data. 8. Use unique logons for each user. 9. Restrict physical access. 10. Track and monitor all access to systems and data. 11. Regularly test security. 12. Maintain a security policy. |
| HIPAA | To ensure that health information data is protected. Health information is any data that is created or received by health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses. It relates to any past, present, or future health, physical health, mental health, or condition of an individual, and past, present, or future payments for health care. | Security standards: Specific standards are to be used for storage of data, use of data, and transmission of data. Privacy standards: Data must not be shared with anyone without the express consent of the patient. Penalties: Penalties apply for mistakes, knowingly obtaining or releasing data, obtaining or disclosing data under false pretenses, and obtaining or disclosing data for personal gain or malicious harm. |
| FERPA | To protect the privacy of student records. This includes education data and health data. FERPA applies to all schools that receive any funding from the U.S. Department of Education. | FERPA grants rights to parents of students under 18. All personally identifiable information (PII) about the student must be protected. Schools usually need permission to release PII. |
| SOX | To reduce fraud. SOX applies to any company that is publicly traded. It is designed to hold executives and board members personally responsible for financial data. | CEOs and CFOs must be able to verify accuracy of financial statements and prove that the statements are accurate. |
| GLBA | Also known as the Financial Services Modernization Act. It relates to how banking and insurance institutions can merge. | Financial Privacy Rule: Requires companies to notify customers about their privacy practices. Safeguards Rule: Companies must have a security plan to protect customer information. |
