The document discusses several US acts related to privacy, security and commerce including HIPAA, the Patriot Act, COPPA, SOPA, Sarbanes-Oxley Act, and FISMA. It provides overviews of what each act covers, when they were passed, their key implications and requirements. For example, it notes that HIPAA protects patient health information, the Patriot Act increased government interference in financial activities, and FISMA requires appropriate security controls and training for federal information systems.
The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
Data Confidentiality, Security and Recent Changes to the ABA Model Rules - saurnou
Continuing legal education (CLE) presentation regarding data confidentiality, information security, computer forensics and legal ethics in light of technology-related changes made to the American Bar Association's Model Rules of Professional Conduct.
Dealing Data Leaks: Creating Your Data Breach Response Plan - benefitexpress
Learn what steps an employer must take after their IT systems are breached. Covers both state and federal rules regarding employer data breach responses.
An overview of GDPR data privacy and its impact on traditional information security practices, presented at SecureWorld Dallas, October 2017
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting &
Fellow of the European Privacy Association
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'... - eringold
Gregory Fliszar, J.D., Ph.D., of Cozen O'Connor will make this presentation on Friday, February 26, 2015, at a PhilaPACT (Greater Philadelphia Alliance for Capital Technologies) cybersecurity series event at Philadelphia Marriott West in West Conshohocken.
Greg Fliszar, a member of the Business Law Department and the Health Law Practice Group and the Privacy, Data & Cyber Security Industry Team, will present on the legal issues of cybersecurity and healthcare at this timely discussion. In the wake of the Anthem cyber breach, protecting the security of medical records, and compliance with HIPAA and HITECH, are relevant to a variety of businesses that provide services to the health-care industry. Greg will share his insights on how to protect your organization's data.
Learn more about Greg's expertise and experience at http://www.cozen.com/people/bios/fliszar-gregory.
To register for the event, go to http://www.cozen.com/events/2015/pact-cybersecurity-series-event.
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber... - ARMA International
While information governance has been a best practice in cybersecurity, outside of the Federal government and Sarbanes-Oxley financial reporting requirements, regulations have for the most part not required information governance. That is rapidly changing. The New York Department of Financial Services' new cybersecurity regulation has intensive information governance requirements that go beyond personal information. The European General Data Protection Regulation also has significant information governance requirements. This session will discuss some of these regulatory requirements and where regulation is going in these areas.
What Financial Institution Cyber Regs Tell the Infrastructure Sector - CBIZ, Inc.
Information security is a concern for every business, but breaches are particularly disruptive to the nation’s infrastructure systems. Infrastructure companies should monitor how mandatory rules play out for financial institutions. If the regulatory efforts are successful in reducing the number of financial institution cyber incidents, state and federal regulators may turn their attention to other industries.
'Cyber Crime ACT 2015' is Nugget 4 in the series 'Cyber Security Awareness Month 2017'. It is important that you understand the direction and view of the Government on Cyber Crime. Remember, Cyber Security is everyone's responsibility.
Legal vectors - Survey of Law, Regulation and Technology Risk - William Gamble
Survey of law, regulation and technology risk including new cyber security regulations, HIPAA, European Privacy GDPR, Internet of Things Liability, State Law
William Gamble
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured - Precisely
The California Consumer Privacy Act (CCPA) takes effect on January 1, 2020, mandating that data about consumers be protected against a breach. If your IBM i system contains data for consumers from the state of California, the time to prepare is now.
In this webinar featuring well-known IBM i encryption expert Patrick Townsend, we share information that will help you prepare for CCPA compliance, including:
• Consumer rights granted by CCPA
• Hardening systems to prevent a breach
• Obscuring data to prevent exposure
• How Syncsort can help
CCPA is almost here. View this webinar on-demand and get started down the path to compliance!
Presented by EndCoder Denise Fouche, this presentation describes South Africa's legal response to cyber security threats, particularly in the banking industry.
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements - Anitafin
This is the presentation from the class I taught at the University of Toronto Faculty of Information Sciences graduate school - a major challenge to capture the concepts in less than 3 hours!
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'... - Financial Poise
Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure?
An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place.
This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data.
Part of the webinar series:
CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Using international standards to improve US cybersecurity - IT Governance Ltd
Understand the current cyber threat facing US businesses, President Obama's proposed data protection act and how you can implement international standards to get your business cybersecure in this informative webinar with expert Alan Calder.
Complying with Cybersecurity Regulations for IBM i Servers and Data - Precisely
Multiple security regulations became effective across the globe in 2018, most notably the European Union’s General Data Protection Regulation (GDPR), and additional regulations are on their heels. The California Consumer Privacy Act, with its GDPR-like requirements, is just one of the regulations that requires planning and preparation today.
If you need to implement security policies for IBM i systems and data that will meet today’s compliance requirements and prepare you for those that are on the way, this webinar will help you get on the right track.
Introduction to US Privacy and Data Security: Regulations and Requirements - Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros - Nicholas Van Exan
An overview of some contemporary topics related to privacy and data breaches, with a focus on how security professionals can help mitigate privacy risks both before and after data breaches occur.
Introduction to US Privacy and Data Security Regulations and Requirements (Se... - Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
An Overview of the Major Compliance Requirements - DoubleHorn
In this blog, we will explore some of the US government’s compliance standards that are helpful for many federal, state and local agencies while procuring technology and related services.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 - centralohioissa
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
When Past Performance May Be Indicative of Future Results - The Legal Implica... - Jason Haislmaier
Presentation to the ABA Cyberspace Law Committee 2014 Winter Meeting in Denver, CO. Bruce Antley and Jason Haislmaier. Covering legal issues in location based services and the use of predictive analytics.
Data has emerged as one of the most important resources of today's world. However, there are no clear rules on how to make use of this resource. There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data which risks the customer's interests.
Oracle ACE Director Dan Morgan and Performance Tuning Corporation (PTC) Chief Strategy Officer Mark Swanholm present data security and the choices ahead for your organization. For more information about Performance Tuning Corporation, visit our website www.perftuning.com .
What is discussed in this presentation?
Security breaches and data theft have made big news headlines in recent months, from Target, to Home Depot and most recently Sony and Chick-Fil-A. Data is one of the most valuable assets in your business and organizations like yours need to be confident they are prepared for future security threats or risk loss of trust from customers and, possibly, unrecoverable financial losses.
But how do you approach security in your environment?
How confident are you that your data is secure?
And what are the objectives and right level of investment needed for the regulatory environment that exists today?
What about tomorrow – will the Security Wars leave your company devastated?
Oracle ACE Director Dan Morgan, an internationally recognized expert in database technology and former University of Washington lecturer, and Mark Swanholm, PTC’s Chief Strategy Officer and 22-year IT veteran, address the issue of data security from the standpoint of what it is, how to approach it, and what is actually required to avoid being the next victim of hackers.
This Performance Tuning Corporation presentation focuses on strategy, management, planning, and budgeting, and provides you and your management team the information needed to make the best possible decision with respect to an investment in securing your data.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide - Black Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
3. What is HIPAA?
• The Health Insurance Portability and Accountability Act, enacted by the U.S. Congress
• Uses electronically exchangeable data to effectively help in healthcare
• Standards are used to monitor the confidentiality and security of patient data
4. What information is covered under HIPAA?
• Patient Health Information (PHI) is covered under HIPAA
• Any information related to the physical or mental health of the patient in the past, present or future is considered PHI
• PHI is either created or received by the organization in order to properly care for the patient
5. Why is this important?
• Almost all healthcare units have started using electronic medical records to make care more efficient
• This leads to breaches from both outside and within the organization
• One’s health information can be used for commercial advantage, personal gain, or malicious harm
6. Security in HIPAA
• Patients have the right to obtain and amend their PHI
• They also have the right to know how PHI is used and who it is disclosed to
• Administrative measures require detailed record keeping and procedure compliance
8. About the Act
• Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act
• Passed in Oct. 2001 under then-President George W. Bush
• Mother of all acts
9. Effect of PATRIOT Act on E-commerce
• Indirect repercussions
• Stringent measures for B2B and B2C transactions
• Wire transfer of money became difficult
• Increased interference of government in financial activities of institutions
10. Effect on E-Governance
• Establishment of the Financial Crimes Enforcement Network (FinCEN)
• Increased data sharing
• Increased screening of foreign nationals
• Greater emphasis on knowledge management
12. STOP ONLINE PIRACY ACT (2012)
• Introduced by U.S. Representative Lamar S. Smith in 2011
• Stakeholders of SOPA
▫ Hollywood production houses, e.g. Warner Brothers, Columbia Motion Picture
▫ Recording industry, e.g. Recording Industry Association of America
▫ Broadcasting Association
13. Organizations opposing the act
• Wikipedia
• Google
• Online video hosting websites
• Websites providing torrent facilities
• Facebook
• Twitter
• Flickr
14. Implications of SOPA
• Domain name system (DNS) will be affected
• Internal networks - VPN
• Different from PROTECT IP
• Blocking of websites with copyright content
• Blocking the IP addresses
16.
• The Child Online Protection Act (COPA) was a law in the United States of America, passed in 1998.
• The law, however, never took effect, as three separate rounds of litigation led to a permanent injunction against the law in 2009
17. COPPA
• Children’s Online Privacy Protection Act
• Passed on 22nd April 2000
• Protects the privacy of children
• Destroy the data collected from children of age less than 13 within 1 year
• Requires verifiable consent of the parents
• Display the information collected on the website
18. PROTECT (Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today) Act
• The PROTECT Act of 2003 is a United States law with the stated intent of preventing child abuse.
• Authorizes wiretapping and monitoring of other communications in all cases related to child abuse or kidnapping.
• Provides for mandatory life imprisonment for sex offenses against a minor if the offender has had a prior conviction of abuse against a minor, with some exceptions.
19. Effects of PROTECT Act
• Bars pre-trial release of persons charged with specified offenses against or involving children.
• Establishes a program to obtain criminal history background checks for volunteer organizations.
• Eliminates statutes of limitations for child abduction or child abuse.
• Assigns a national AMBER Alert Coordinator.
• Prohibits drawings, sculptures, and pictures of such drawings and sculptures depicting minors in actions or situations that meet the Miller test of being obscene.
21. Sarbanes Oxley Act
• Enron and WorldCom collapse - financial frauds - led to the formation of the Sarbanes Oxley Act
• Key implications
▫ Independence of audit committee
▫ CEO and CFO certification of financial statements - SOX 906
▫ SOX 302 - Corporate responsibility for financial reports
▫ SOX 409 - Real-time disclosure - disclose information on material changes in finance on a rapid and current basis
▫ Whistle-blower protection - document destruction
22. Key sections related to the Act
• SOX 404 - Management assessment of internal controls over financial reporting - role of IT
▫ Management creates reliable internal financial controls
• Destruction of documents - periodic policy needed
• Responsibilities of IT representatives on SOX teams
▫ Understanding the organization’s internal control program and financial reporting process
▫ Mapping the two to find financial statements
▫ Designing and implementing controls
▫ Documenting and testing the controls designed to mitigate risk - continuous monitoring
23. Contd ..
• Strong IT controls needed
▫ External auditors rely on a process approach - evaluation based on manual/automated controls
▫ Inherent security and control risk - due to virtual corporations and e-commerce
▫ Large corporate spending on IT - greater return expected
• Entry-level IT security controls needed
▫ Trusted path
▫ Firewall architectures and connections with public networks - denial of service and unauthorized access to internal resources
▫ Identification, authentication, and access
▫ User account management
24. Case – Retail Chain
• The scenario
▫ IT process used for creation, update and manipulation of financial data
▫ Own database - ERP for creation of all financial data and reports for SEC filings
• Audit findings
▫ Variety of database tools used to insert/delete/modify (unmitigated) data in the underlying ERP databases
▫ User ID/password for internal authentication
▫ No controls in the organization beyond basic authentication.
25. Solutions
• Controls on data access and updating of underlying financial databases - ERP system access and any other access
• Automated provisioning process - segregation of duties to approve the creation of system user IDs and access privileges, as well as modification and removal.
• Audit logging and reporting infrastructure for the reporting system - conformance to the organization’s internal policies and standards.
27. How did FISMA originate?
• FISMA, Title III of the E-Government Act of 2002, was introduced as the replacement for GISRA
• The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation of the USA.
28. Need for FISMA?
The need to secure the information infrastructure used in all federal agencies.
OBJECTIVES:
▫ The implementation of cost-effective, risk-based information security programs
▫ The establishment of a level of security due diligence for federal agencies and contractors supporting the federal government
▫ A more consistent and cost-effective application of security controls across the federal information technology infrastructure
▫ More consistent, comparable, and repeatable security control assessments
29. Contd..
▫ A better understanding of enterprise-wide mission risks resulting from the operation of information systems
▫ More complete, reliable, and trustworthy information for authorizing officials, facilitating more informed security authorization decisions
▫ More secure information systems within the federal government, including the critical infrastructure of the United States
30. Requirements of FISMA
• Appropriate officials should be assigned
• Periodic review of the security controls of the information system
• Security awareness training should be carried out
• Guidelines laid down by NIST for information security controls should be followed
• Lastly, the security plan should be followed
32. How to implement FISMA?
• Generally, CIOs are given responsibility for compliance together with the CISO
• Then the IGs review the process and reporting
• Reports are sent to the OMB by the end of each financial year.
• Reporting standards are governed by OMB Circular A-130 and NIST Special Publication 800-26, with changes incorporating SP 800-53
33. Advantages of FISMA
• It’s considered the best approach to ensure that sensitive government systems and data are secure
• Helps manage government systems and information, including those of insurance companies (e.g. Medicare claims) and outsourcing companies which manage federal systems, such as Lockheed Martin and Northrop Grumman
• FISMA reporting mandates a standard interface and format for entering FISMA data. The OMB then provides this data via reports to other agencies.