InfoSecurity Compliance Are you ready to be regulated? Presented by: Umesh Verma CEO, BLUE LANCE 02.26.04.

Presentation transcript:

2 InfoSecurity - Are you ready?
Does your company process electronic protected health information (EPHI)?
– HIPAA Subtitle F; 45 CFR (Parts 160, 162, 164)
Does your company receive and process protected personal information (PPI) or financial data that belongs to individuals?
– GLBA Title V - Privacy; 12 CFR Part 30 and other CFRs
Can the FBI review your company's business records, including electronic computer records, as part of the effort to fight terrorism?
– USA Patriot Act Section 215

3 InfoSecurity - Are you ready?
Does your company submit data electronically to the Food and Drug Administration?
– FDA Modernization Act of 1997; 21 CFR Part 11
Does your company process personal data that belongs to individuals who are citizens of any country in the European Union?
– Directive 95/46/EC Article 17
Does your company process certain types of unencrypted personal information belonging to California citizens?
– SB 1386
Does your company process information belonging to an agency or department in the Federal Government?
– FISMA Sections 302 and 303

4 InfoSecurity - Are you ready?
Is your company a financial institution that is required by the Federal Reserve to maintain capital reserves?
– BASEL II Section V
Does your company have a published privacy policy, or has it made public proclamations about the quality of its information security?
– Federal Trade Commission Act Section 5(a)
Is your company an outside service provider or vendor that processes "protected data" belonging to a regulated client?
– Any of the above
Is your company a public company, does it have ambitions to become a public company, or is it a public accounting firm?
– Sarbanes Oxley Act of 2002 Sections 302 and 404

5 Business Impact?
Will the immaturity of your infosecurity practices impact your ability to do business?
– Are you directly or indirectly regulated?
– What future regulatory changes are forthcoming?
Do you recognize an emerging "cultural trend"?
Can you afford to wait for an "enforcement action" before being motivated to make a needed investment in security?
– Will you have enough time to act when action is needed?

6 Business Impact?
Are you willing to lose business opportunities by failing to pass a "due diligence" review?
Can you withstand a public disclosure that your internal security has been compromised?
Do you have the resources to implement an effective infosecurity practice?
– People; Money; Tools; Knowledge
– Are you able to meet the spirit of ISO 17799? Policy, Procedures, Baseline Security, ...

7 Compliance Strategies
Consider outsourcing opportunities to experienced practitioners
– Information Technology Services (Tier 1, Tier 2)
– Information Security Services
When necessary and cost-justified, roll your own security
– Implement an internal Information Security Practice
– Professionally managed, ideally CISSP managed
Hybrid strategies are the most likely outcome for most organizations
– Because there is much to do as per ISO 17799
– You cannot outsource all infosecurity processing: someone in-house must deal with application-specific information access requirements
