Thursday, February 14, 2008

Who is who? ISO 27001 and others...

  • Sarbanes-Oxley Act (SOX) requires companies to disclose accurate information about their finances and accounting, and to maintain and certify internal controls over financial reporting (Section 404). SOX was enacted in 2002 to prevent accounting fraud and misleading financial disclosures. All companies publicly traded in the United States, including foreign companies listed on US exchanges, must comply with SOX. For a security team this usually means demonstrating access control, change management and logging for the systems that feed financial reports.
  • Gramm-Leach-Bliley Act (GLBA) requires financial institutions to protect customer financial data (the Safeguards Rule) and to provide privacy notices explaining how that data is shared (the Privacy Rule). Banks, lenders, insurers and other financial institutions in the US must follow GLBA.
  • Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to protect the privacy and security of protected health information (PHI). Hospitals, medical centers, health plans and any business that handles patient medical records on their behalf (business associates) must comply with HIPAA.
  • Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council founded by the major card brands, specifies how to secure information systems and media containing cardholder data to prevent access by or disclosure to any unauthorized party. PCI DSS also limits how long cardholder data may be retained and requires that unnecessary data be securely deleted. Every company that stores, processes or transmits cardholder data must comply with PCI DSS; it is a contractual requirement imposed by the card brands rather than a law.
  • ISO/IEC 27001 is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization and the International Electrotechnical Commission. Its full name is ISO/IEC 27001:2005 - Information technology — Security techniques — Information security management systems — Requirements, but it is commonly known as "ISO 27001." It is the standard an organization is certified against. ISO/IEC 17799 is a different document: the companion code of practice listing security controls, which was renumbered ISO/IEC 27002 in 2007. In short, 27001 says what an ISMS must do, 17799/27002 describes the controls you can pick to do it.
  • COBIT, published by ISACA, is an IT governance framework and supporting toolset that helps managers bridge the gap between control requirements, technical issues and business risks. COBIT supports clear policy development and good practice for IT control throughout an organization, puts emphasis on regulatory compliance and on increasing the value obtained from IT, and is commonly used to organize the IT controls that SOX Section 404 audits look for.
