Swarupa Rani Sahu, profile picture
Uploaded bySwarupa Rani Sahu
PPTX, PDF481 views

Implications of acts in organizations

The document discusses several US acts related to privacy, security and commerce including HIPAA, the Patriot Act, COPPA, SOPA, Sarbanes-Oxley Act, and FISMA. It provides overviews of what each act covers, when they were passed, their key implications and requirements. For example, it notes that HIPAA protects patient health information, the Patriot Act increased government interference in financial activities, and FISMA requires appropriate security controls and training for federal information systems.

Embed presentation

Download to read offline
Implications of Acts in Organizations Deepak . S Kasturi Pal Mervin.S Sudhanshu cyril Swarupa rani sahu
HIPAA Health Insurance Portability and Accountability Act
What is HIPAA? • The Health Insurance Portability and Accountability Act enacted by the U.S. Congress • Uses electronically exchangeable data to effectively help in healthcare • Standards are used to monitor confidentiality and security of the patient data
What information is covered under HIPPA? • Patient Health Information (PHI) is covered under HIPPA • Any information related to the physical and mental health of the patient in the past, present or future is considered a PHI • PHI is either created or received by the organization in order to properly care for the patient
Why is this important? • Almost all healthcare units started using electronic medical records to make care more efficient • This leads to breaches from both outside and within the organization • One’s health information can be used as a commercial advantage, personal gain, or malicious harms
Security in HIPPA • Patients have the right to obtain and amend their PHI • They also have the right to know how PHI is used and who it is disclosed to • Administrative measures must do detail record keeping and procedure compliance
The USA Patriot Act
About the Act • Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act • Passed in Oct.2001 by then president Mr. George Bush Jr. • Mother of all acts
Effect of PATRIOT act on E-commerce  Indirect repercussions  Stringent measures for B2B and B2C transactions  Wire transfer of money became difficult  Increased interference of government  in financial activities of Institutions
Effect on E-Governance • Establishment of financial crime network (FinCNE) • Increased data sharing • Increased screening of foreign nationals • Greater emphasis on knowledge management
SOPA STOP ONLINE PIRACY ACT (2012)
STOP ONLINE PIRACY ACT (2012) • Introduced by U.S. Representative Lamar S. Smith in 2011 • Stack holders of SOPA ▫ Hollywood Production Houses e.g. Warner Brothers, Columbia Motion Picture ▫ Recording Industry e.g. Recording Industry Association of America ▫ Broadcasting Association
Organization opposing the act • Wikipedia • Google • Online video hosting websites • Websites providing Torrent facility • Facebook • Twitter • Flicker
Implications of SOPA • Domain name system (DNS) will be affected • Internal networks-VPN • Different from PROTECT IP • Blocking of websites with copyright content • Blocking the IP addresses
Child Online Protection Act
• The Child Online Protection Act (COPA)was a law in the United States of America, passed in 1998. • The law, however, never took effect, as three separate rounds of litigation led to a permanent injunction against the law in 2009
COPPA • Children’s Online Privacy Protection Act • Passed on 22nd April 2000 • Protects the privacy of the children • Destroy the data collected from children of age less than 13 within 1 year • To have verifiable consent of the parents • display the information collected on the website
PROTECT(Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today)Act • The PROTECT Act of 2003 is a United States law with the stated intent of preventing child abuse. • Authorizes wiretapping and monitoring of other communications in all cases related to child abuse or kidnapping. • Provides for mandatory life imprisonment of sex offenses against a minor if the offender has had a prior conviction of abuse against a minor, with some exceptions.
Effects of PROTECT Act • Bars pre-trial release of persons charged with specified offenses against or involving children. • Establishes a program to obtain criminal history background checks for volunteer organizations. • Eliminates statutes of limitations for child abduction or child abuse. • Assigns a national AMBER Alert Coordinator. • Prohibits drawings, sculptures, and pictures of such drawings and sculptures depicting minors in actions or situations that meet the Miller test of being obscene.
Sarbanes–Oxley Act
Sarbanes Oxley Act • Enron and WorldCom Collapse - Financial frauds – led to the formation of Sarbanes Oxley act • Key Implications  Independence of audit committee  CE and CFO certification of financial statements – SOX 906  SOX 302 – Corporate responsibility for financial reports  SOX 409 – Real time disclosure – disclose information on material changes in finance on rapid and current basis  Whistle-Blower Protection - Document Destruction
Key sections related to the Act • SOX 404 – Management assessment of Internal controls over financial reporting – Role of IT  Management create reliable internal financial controls • Destruction of documents – Periodic policy needed • Responsibilities IT representatives on SOX teams  Understanding organization’s internal control program and financial reporting process  Mapping the two to find financial statements  Designing and implementing controls  Documenting and testing the controls designed to mitigate risk – continuous monitoring
Contd .. • Strong IT controls needed  External auditors – rely on process approach- Evaluation based on manual/automated controls  Inherent security and control risk – due to virtual corporate and ecommerce  Large corporate spending on IT - Greater return expected • Entry level It securities needed  Trusted Path  Firewall Architectures and Connections with Public Network – denial of services and unauthorized access to internal resources  Identification, Authentication, and Access  User account management
Case – Retail Chain • The Scenario  IT process used for creation, update and manipulation of financial data  Own database – ERP for creation of all financial data and reports for SEC filings • Audit findings  Variety of database tools used to insert/delete/modify (unmitigated) data from underlying ERP databases  User id/password for internal authentication  No controls in org. beyond basic authentication.
Solutions • Controls on data access and updating of underlying financial databases - ERP system access and any other access • Automated provisioning process - segregation of duties to approve the creation of system user IDs and access privileges, as well as modification and removal. • Audit logging and reporting infrastructure for reporting system - conformance to the organization’s internal policies and standards.
FISMA Federal Information Security Management Act (2003)
How did FISMA originate? • FISMA was introduced by replacing GISRA, title III of the Electronic Government Act of 2002 • The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation of USA.
Need for FISMA? The need to secure information infrastructure used in all federal agencies. OBJECTIVES: ▫ For the implementation of a cost-effective, risk-based information security programs ▫ For the establishment of a level of security due diligence for federal agencies and contractors supporting the federal government ▫ To create a more consistent and cost-effective application of security controls across the federal information technology infrastructure ▫ To create a more consistent, comparable, and repeatable security control assessments
Contd.. ▫ To generate a better understanding of enterprise-wide mission risks resulting from the operation of information systems ▫ Lastly, to create a more complete, reliable, and trustworthy information for authorizing officials--facilitating more informed security authorization decisions ▫ And also to make sure that there are more secure information systems within the federal government including the critical infrastructure of the United States
Requirements of FISMA • Appropriate officials should be assigned • Periodical review of the security controls of the information system • Security awareness training should be done • Guidelines laid by NSIT for information security control should be followed • Lastly, plan for security should be followed
How to implement FISMA?
How to implement FISMA? • Generally, CIO’s are given the responsibility in compliance with the CISO • Then the IG’s review the process and reporting • Reports are sent to the OMB by the end of each financial year. • Reporting standards are governed by OMB 130 and NSIT special publication 800-26 with changes including of 800-53
Advantages of FISMA • Its considered the best approach to ensure that sensitive government systems and data are secure • Helps manage government systems and information, include insurance companies, e.g. Medicare claims, and out sourcecing companies which manage federal systems, such as Lockheed Martin, Northrop Grumman • FISMA reports by mandating a standard interface and follow a format for entering FISMA data. The OMB then provides this data via reports to other agencies.
References • http://csrc.nist.gov/groups/SMA/fisma/index.html • http://www.authorstream.com/Presentation/aSGues t7375-125409-fisma-business-finance-ppt- powerpoint/ • http://community.ca.com/blogs/iam/archive/2009/1 1/12/the-relative-adoption-of-fisma.aspx • http://csrc.nist.gov/groups/SMA/fisma/index.html • http://searchsecurity.techtarget.com/definition/Fede ral-Information-Security-Management-Act
References contd …. • Wikipedia • http://www.coppa.org/coppa.htm • www.fincen.gov › Statutes & Regulations • www.hhs.gov • http://news.cnet.com/8301-31921_3-57329001-281/how-sopa-would-affect-you- faq/ • http://www.pwc.lu/en_LU/lu/it-effectiveness/docs/pwc-sarbanes- oxley210606.pdf • http://www.sans.org/reading_room/whitepapers/casestudies/impact-sarbanes- oxley-act-security_1344 • . http://www.auerbach-publications.com/dynamic_data/2928_1724_76-10- 01.pdf. http://accounting.smartpros.com/x43196.xml • http://www.stalback.net/duppsats.pdf • http://www.aacsb.edu/publications/archives/julyaug05/p24-29.pdf

More Related Content

PPTX
The general data protection act overview
byRoy Biakpara, MSc.,CISA,CISSP,CISM,ISO27KLA
 
PPSX
Otieno antony rethinking internet shutdown
byOtieno Antony
 
PPTX
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
bysaurnou
 
PPTX
Dealing Data Leaks: Creating Your Data Breach Response Plan
bybenefitexpress
 
PPTX
Data Privacy for Information Security Professionals Part 1
byDione McBride, CISSP, CIPP/E
 
PDF
CULCT Cybersecurity Workshop 2.10.15
byE Andrew Keeney
 
PPTX
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
byCloudWATCH Consortium
 
PDF
Emergency Decree on Electronic Meetings B.E. 2563
byLawPlus Ltd.
 
The general data protection act overview
byRoy Biakpara, MSc.,CISA,CISSP,CISM,ISO27KLA
 
Otieno antony rethinking internet shutdown
byOtieno Antony
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
bysaurnou
 
Dealing Data Leaks: Creating Your Data Breach Response Plan
bybenefitexpress
 
Data Privacy for Information Security Professionals Part 1
byDione McBride, CISSP, CIPP/E
 
CULCT Cybersecurity Workshop 2.10.15
byE Andrew Keeney
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
byCloudWATCH Consortium
 
Emergency Decree on Electronic Meetings B.E. 2563
byLawPlus Ltd.
 

What's hot

PPT
Building a cybercrime case
byOnline
 
PDF
Examples of international privacy legislation
byUlf Mattsson
 
PPTX
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
byeringold
 
PPT
The New Massachusetts Privacy Rules (February 2, 2010)
bystevemeltzer
 
PPTX
Canadian Breach Regulations: Introduction and Overview
byResilient Systems
 
PDF
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
byARMA International
 
PPT
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
byLisa Abe-Oldenburg, B.Comm., JD.
 
PDF
Regulatory Compliance under the Information Technology Act, 2000
byn|u - The Open Security Community
 
PPT
Lesson 1
byMLG College of Learning, Inc
 
PDF
What Financial Institution Cyber Regs Tell the Infrastructure Sector
byCBIZ, Inc.
 
PDF
Gdpr brexit presentation for brighton seo
byKeithBudden3
 
PPT
Privacy and personal information
byUc Man
 
PDF
Cyber crime (prohibition,prevention,etc)_act,_2015
byChinatu Uzuegbu
 
PPTX
Legal vectors - Survey of Law, Regulation and Technology Risk
byWilliam Gamble
 
PDF
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
byPrecisely
 
PPTX
Hitech changes-to-hipaa
bygeeksikh
 
PDF
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
byFrancoise Gilbert
 
PPTX
Cyber Banking Conference
byEndcode_org
 
PPT
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
byAnitafin
 
Building a cybercrime case
byOnline
 
Examples of international privacy legislation
byUlf Mattsson
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
byeringold
 
The New Massachusetts Privacy Rules (February 2, 2010)
bystevemeltzer
 
Canadian Breach Regulations: Introduction and Overview
byResilient Systems
 
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...
byARMA International
 
Privacy Security Data Breach - Regulatory Compliance for Financial Institutio...
byLisa Abe-Oldenburg, B.Comm., JD.
 
Regulatory Compliance under the Information Technology Act, 2000
byn|u - The Open Security Community
 
Lesson 1
byMLG College of Learning, Inc
 
What Financial Institution Cyber Regs Tell the Infrastructure Sector
byCBIZ, Inc.
 
Gdpr brexit presentation for brighton seo
byKeithBudden3
 
Privacy and personal information
byUc Man
 
Cyber crime (prohibition,prevention,etc)_act,_2015
byChinatu Uzuegbu
 
Legal vectors - Survey of Law, Regulation and Technology Risk
byWilliam Gamble
 
Countdown to CCPA: 48 Days Until Your IBM i Data Needs to Be Secured
byPrecisely
 
Hitech changes-to-hipaa
bygeeksikh
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
byFrancoise Gilbert
 
Cyber Banking Conference
byEndcode_org
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
byAnitafin
 

Similar to Implications of acts in organizations

DOCX
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
bychristinemaritza
 
PPT
DieboldFinal_adlerp0408
byAspiration Software LLC
 
PPT
It Industry Regulations
byNicholas Davis
 
PPT
It industry regulations
byNicholas Davis
 
PPTX
IT Professional Elective: Laws and Regulatory Requirements
byRyouKinoshita
 
PDF
CIS 2015- Assessing the Risk of Identity and Access- Venkat Rajaji
byCloudIDSummit
 
PDF
2018-11-15 IT Assessment
byRaffa Learning Community
 
PDF
An Overview of the Major Compliance Requirements
byDoubleHorn
 
PDF
Technology Trends: Value Office
bySSF Global
 
PPTX
Assessing the Risk of Identity and Access
byCourion Corporation
 
PDF
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
PDF
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
PPT
Data Risks In A Digital Age
bypadler01
 
PPTX
IQPC eDiscovery Goverment - Washington D.C.
byJ. David Morris
 
PPTX
egal, Ethical, and Professional Issues in Information Security.pptx
bysania82678
 
PDF
Don't let them take a byte
bylgcdcpas
 
PDF
Data Privacy
bycliff_rudolph
 
PDF
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
byCloudIDSummit
 
PPTX
Laws and ethics in information assurance
byakbarshah9596
 
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
bychristinemaritza
 
DieboldFinal_adlerp0408
byAspiration Software LLC
 
It Industry Regulations
byNicholas Davis
 
It industry regulations
byNicholas Davis
 
IT Professional Elective: Laws and Regulatory Requirements
byRyouKinoshita
 
CIS 2015- Assessing the Risk of Identity and Access- Venkat Rajaji
byCloudIDSummit
 
2018-11-15 IT Assessment
byRaffa Learning Community
 
An Overview of the Major Compliance Requirements
byDoubleHorn
 
Technology Trends: Value Office
bySSF Global
 
Assessing the Risk of Identity and Access
byCourion Corporation
 
The Most Wonderful Time of the Year for Health-IT...NOT
byCompliancy Group
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
How to Build and Implement your Company's Information Security Program
byFinancial Poise
 
Data Risks In A Digital Age
bypadler01
 
IQPC eDiscovery Goverment - Washington D.C.
byJ. David Morris
 
egal, Ethical, and Professional Issues in Information Security.pptx
bysania82678
 
Don't let them take a byte
bylgcdcpas
 
Data Privacy
bycliff_rudolph
 
CIS13: Intelligence-Driven IAM: The Next Generation of Identity and Access Go...
byCloudIDSummit
 
Laws and ethics in information assurance
byakbarshah9596
 

More from Swarupa Rani Sahu

PPTX
Nivea
bySwarupa Rani Sahu
 
PDF
Black and Decker: Household Products Groups: Brand Transition
bySwarupa Rani Sahu
 
PPTX
Land Rover North America
bySwarupa Rani Sahu
 
PPTX
McDonald's
bySwarupa Rani Sahu
 
PPTX
The health travelers
bySwarupa Rani Sahu
 
DOCX
Marketing plan for immunity booster(in health products)
bySwarupa Rani Sahu
 
PPTX
Yoplaits
bySwarupa Rani Sahu
 
PPTX
Cunard Line Ltd : Integrated marketing communication
bySwarupa Rani Sahu
 
PPTX
Brand pipe company
bySwarupa Rani Sahu
 
PPTX
Cola wars
bySwarupa Rani Sahu
 
DOCX
What 2012 has in store for HR ?
bySwarupa Rani Sahu
 
PPTX
P&G Canada : Developing Scope Advertising copy
bySwarupa Rani Sahu
 
DOC
Google voice
bySwarupa Rani Sahu
 
DOCX
THE COMPANY I ADMIRE THE MOST FOR ITS CORPORATE SOCIAL RESPONSIBILITY
bySwarupa Rani Sahu
 
DOCX
Always a winner
bySwarupa Rani Sahu
 
PPTX
India's Formula 1 debut
bySwarupa Rani Sahu
 
PPTX
Organisational culture
bySwarupa Rani Sahu
 
DOCX
Decision making
bySwarupa Rani Sahu
 
DOCX
Ratio Analysis
bySwarupa Rani Sahu
 
PPTX
Materials management system
bySwarupa Rani Sahu
 
Nivea
bySwarupa Rani Sahu
 
Black and Decker: Household Products Groups: Brand Transition
bySwarupa Rani Sahu
 
Land Rover North America
bySwarupa Rani Sahu
 
McDonald's
bySwarupa Rani Sahu
 
The health travelers
bySwarupa Rani Sahu
 
Marketing plan for immunity booster(in health products)
bySwarupa Rani Sahu
 
Yoplaits
bySwarupa Rani Sahu
 
Cunard Line Ltd : Integrated marketing communication
bySwarupa Rani Sahu
 
Brand pipe company
bySwarupa Rani Sahu
 
Cola wars
bySwarupa Rani Sahu
 
What 2012 has in store for HR ?
bySwarupa Rani Sahu
 
P&G Canada : Developing Scope Advertising copy
bySwarupa Rani Sahu
 
Google voice
bySwarupa Rani Sahu
 
THE COMPANY I ADMIRE THE MOST FOR ITS CORPORATE SOCIAL RESPONSIBILITY
bySwarupa Rani Sahu
 
Always a winner
bySwarupa Rani Sahu
 
India's Formula 1 debut
bySwarupa Rani Sahu
 
Organisational culture
bySwarupa Rani Sahu
 
Decision making
bySwarupa Rani Sahu
 
Ratio Analysis
bySwarupa Rani Sahu
 
Materials management system
bySwarupa Rani Sahu
 

Recently uploaded

DOCX
The Ultimate Guide to Bulk Purchasing Old Gmail Accounts.docx
byBuy Verified Cash App Accounts
 
PDF
David Slone Denver - President Of Lead 2 Serve
byDavid Slone Denver
 
PDF
The Best Marketplaces to Buy and Sell Snapchat Accounts ....pdf
bysy33nn1pvm0ykdle9x4r
 
PDF
Dimi Design Intelligence Parts V and VI.pdf
byBrij Consulting, LLC
 
PPTX
Crisis-Management-Plan-Apple-final case study.pptx
byBudi Septiawan
 
DOCX
7 Best Place To Buy Verified PayPal Accounts in USA.docx
bygetsmmpro getsmmpro.com
 
DOCX
Buying Telegram Accounts for Channels & Groups_ Old & New in the US.docx
byGoogle Business Site is usaallhub
 
DOCX
How To Buy Verified Payoneer Accounts In 2026 Top 1 ....docx
by390625rkl2ieyrgvftta
 
PDF
5 sites To Buy Instagram Accounts Safely_ 2025 Guide..pdf
bysy33nn1pvm0ykdle9x4r
 
PDF
5 Easiest Ways to Buy Snapchat Accounts in the US.pdf
byGoogle Business Site is usaallhub
 
PDF
The Global Success Review: Abdullah Inayat For Top Business Leaders Redefinin...
byThe Global Success Review Magazine
 
PDF
5 sites To Buy Facebook Accounts Safely_ 2025 Guide..pdf
bysy33nn1pvm0ykdle9x4r
 
PPTX
Compassionate Care for Families, Seniors, and Patients
byaidanbutler4355
 
PDF
MCB-Code-of-Conduct Mansehra postal service operation management
bytanolihaseeb21
 
PDF
How to open a checking and savings bank account with ....pdf
by4b6fi2jol3skajahxend
 
PDF
GLIMPSE OF 2025 -- TECH EHS Solution | 18 Years of EHS Experties
byTECH EHS Solution
 
PDF
NAS For MEs Presentation relating to Nepal
bySarunChhetri1
 
PDF
Encyclopedia of Cyber Warfare by Paul J. Springer (z-lib.org).pdf
byolongapopnp
 
PDF
Capital One Bank – Best Selling Online Banking PHP Script.pdf
by4b6fi2jol3skajahxend
 
PDF
How to purchase a safely verified Chime bank account ....pdf
byndsfcm3nubx18jc4s6f4
 
The Ultimate Guide to Bulk Purchasing Old Gmail Accounts.docx
byBuy Verified Cash App Accounts
 
David Slone Denver - President Of Lead 2 Serve
byDavid Slone Denver
 
The Best Marketplaces to Buy and Sell Snapchat Accounts ....pdf
bysy33nn1pvm0ykdle9x4r
 
Dimi Design Intelligence Parts V and VI.pdf
byBrij Consulting, LLC
 
Crisis-Management-Plan-Apple-final case study.pptx
byBudi Septiawan
 
7 Best Place To Buy Verified PayPal Accounts in USA.docx
bygetsmmpro getsmmpro.com
 
Buying Telegram Accounts for Channels & Groups_ Old & New in the US.docx
byGoogle Business Site is usaallhub
 
How To Buy Verified Payoneer Accounts In 2026 Top 1 ....docx
by390625rkl2ieyrgvftta
 
5 sites To Buy Instagram Accounts Safely_ 2025 Guide..pdf
bysy33nn1pvm0ykdle9x4r
 
5 Easiest Ways to Buy Snapchat Accounts in the US.pdf
byGoogle Business Site is usaallhub
 
The Global Success Review: Abdullah Inayat For Top Business Leaders Redefinin...
byThe Global Success Review Magazine
 
5 sites To Buy Facebook Accounts Safely_ 2025 Guide..pdf
bysy33nn1pvm0ykdle9x4r
 
Compassionate Care for Families, Seniors, and Patients
byaidanbutler4355
 
MCB-Code-of-Conduct Mansehra postal service operation management
bytanolihaseeb21
 
How to open a checking and savings bank account with ....pdf
by4b6fi2jol3skajahxend
 
GLIMPSE OF 2025 -- TECH EHS Solution | 18 Years of EHS Experties
byTECH EHS Solution
 
NAS For MEs Presentation relating to Nepal
bySarunChhetri1
 
Encyclopedia of Cyber Warfare by Paul J. Springer (z-lib.org).pdf
byolongapopnp
 
Capital One Bank – Best Selling Online Banking PHP Script.pdf
by4b6fi2jol3skajahxend
 
How to purchase a safely verified Chime bank account ....pdf
byndsfcm3nubx18jc4s6f4
 

Implications of acts in organizations

  • 1.
    Implications of Actsin Organizations Deepak . S Kasturi Pal Mervin.S Sudhanshu cyril Swarupa rani sahu
  • 2.
    HIPAA Health Insurance Portabilityand Accountability Act
  • 3.
    What is HIPAA? •The Health Insurance Portability and Accountability Act enacted by the U.S. Congress • Uses electronically exchangeable data to effectively help in healthcare • Standards are used to monitor confidentiality and security of the patient data
  • 4.
    What information iscovered under HIPPA? • Patient Health Information (PHI) is covered under HIPPA • Any information related to the physical and mental health of the patient in the past, present or future is considered a PHI • PHI is either created or received by the organization in order to properly care for the patient
  • 5.
    Why is thisimportant? • Almost all healthcare units started using electronic medical records to make care more efficient • This leads to breaches from both outside and within the organization • One’s health information can be used as a commercial advantage, personal gain, or malicious harms
  • 6.
    Security in HIPPA •Patients have the right to obtain and amend their PHI • They also have the right to know how PHI is used and who it is disclosed to • Administrative measures must do detail record keeping and procedure compliance
  • 7.
  • 8.
    About the Act •Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act • Passed in Oct.2001 by then president Mr. George Bush Jr. • Mother of all acts
  • 9.
    Effect of PATRIOTact on E-commerce  Indirect repercussions  Stringent measures for B2B and B2C transactions  Wire transfer of money became difficult  Increased interference of government  in financial activities of Institutions
  • 10.
    Effect on E-Governance •Establishment of financial crime network (FinCNE) • Increased data sharing • Increased screening of foreign nationals • Greater emphasis on knowledge management
  • 11.
  • 12.
    STOP ONLINE PIRACYACT (2012) • Introduced by U.S. Representative Lamar S. Smith in 2011 • Stack holders of SOPA ▫ Hollywood Production Houses e.g. Warner Brothers, Columbia Motion Picture ▫ Recording Industry e.g. Recording Industry Association of America ▫ Broadcasting Association
  • 13.
    Organization opposing theact • Wikipedia • Google • Online video hosting websites • Websites providing Torrent facility • Facebook • Twitter • Flicker
  • 14.
    Implications of SOPA •Domain name system (DNS) will be affected • Internal networks-VPN • Different from PROTECT IP • Blocking of websites with copyright content • Blocking the IP addresses
  • 15.
  • 16.
    • The Child Online Protection Act (COPA)was a law in the United States of America, passed in 1998. • The law, however, never took effect, as three separate rounds of litigation led to a permanent injunction against the law in 2009
  • 17.
    COPPA • Children’s OnlinePrivacy Protection Act • Passed on 22nd April 2000 • Protects the privacy of the children • Destroy the data collected from children of age less than 13 within 1 year • To have verifiable consent of the parents • display the information collected on the website
  • 18.
    PROTECT(Prosecutorial Remedies andOther Tools to end the Exploitation of Children Today)Act • The PROTECT Act of 2003 is a United States law with the stated intent of preventing child abuse. • Authorizes wiretapping and monitoring of other communications in all cases related to child abuse or kidnapping. • Provides for mandatory life imprisonment of sex offenses against a minor if the offender has had a prior conviction of abuse against a minor, with some exceptions.
  • 19.
    Effects of PROTECTAct • Bars pre-trial release of persons charged with specified offenses against or involving children. • Establishes a program to obtain criminal history background checks for volunteer organizations. • Eliminates statutes of limitations for child abduction or child abuse. • Assigns a national AMBER Alert Coordinator. • Prohibits drawings, sculptures, and pictures of such drawings and sculptures depicting minors in actions or situations that meet the Miller test of being obscene.
  • 20.
  • 21.
    Sarbanes Oxley Act •Enron and WorldCom Collapse - Financial frauds – led to the formation of Sarbanes Oxley act • Key Implications  Independence of audit committee  CE and CFO certification of financial statements – SOX 906  SOX 302 – Corporate responsibility for financial reports  SOX 409 – Real time disclosure – disclose information on material changes in finance on rapid and current basis  Whistle-Blower Protection - Document Destruction
  • 22.
    Key sections relatedto the Act • SOX 404 – Management assessment of Internal controls over financial reporting – Role of IT  Management create reliable internal financial controls • Destruction of documents – Periodic policy needed • Responsibilities IT representatives on SOX teams  Understanding organization’s internal control program and financial reporting process  Mapping the two to find financial statements  Designing and implementing controls  Documenting and testing the controls designed to mitigate risk – continuous monitoring
  • 23.
    Contd .. •Strong IT controls needed  External auditors – rely on process approach- Evaluation based on manual/automated controls  Inherent security and control risk – due to virtual corporate and ecommerce  Large corporate spending on IT - Greater return expected • Entry level It securities needed  Trusted Path  Firewall Architectures and Connections with Public Network – denial of services and unauthorized access to internal resources  Identification, Authentication, and Access  User account management
  • 24.
    Case – RetailChain • The Scenario  IT process used for creation, update and manipulation of financial data  Own database – ERP for creation of all financial data and reports for SEC filings • Audit findings  Variety of database tools used to insert/delete/modify (unmitigated) data from underlying ERP databases  User id/password for internal authentication  No controls in org. beyond basic authentication.
  • 25.
    Solutions • Controls ondata access and updating of underlying financial databases - ERP system access and any other access • Automated provisioning process - segregation of duties to approve the creation of system user IDs and access privileges, as well as modification and removal. • Audit logging and reporting infrastructure for reporting system - conformance to the organization’s internal policies and standards.
  • 26.
  • 27.
    How did FISMAoriginate? • FISMA was introduced by replacing GISRA, title III of the Electronic Government Act of 2002 • The FISMA Implementation Project was established in January 2003 to produce several key security standards and guidelines required by Congressional legislation of USA.
  • 28.
    Need for FISMA? Theneed to secure information infrastructure used in all federal agencies. OBJECTIVES: ▫ For the implementation of a cost-effective, risk-based information security programs ▫ For the establishment of a level of security due diligence for federal agencies and contractors supporting the federal government ▫ To create a more consistent and cost-effective application of security controls across the federal information technology infrastructure ▫ To create a more consistent, comparable, and repeatable security control assessments
  • 29.
    Contd.. ▫ To generatea better understanding of enterprise-wide mission risks resulting from the operation of information systems ▫ Lastly, to create a more complete, reliable, and trustworthy information for authorizing officials--facilitating more informed security authorization decisions ▫ And also to make sure that there are more secure information systems within the federal government including the critical infrastructure of the United States
  • 30.
    Requirements of FISMA •Appropriate officials should be assigned • Periodical review of the security controls of the information system • Security awareness training should be done • Guidelines laid by NSIT for information security control should be followed • Lastly, plan for security should be followed
  • 31.
  • 32.
    How to implementFISMA? • Generally, CIO’s are given the responsibility in compliance with the CISO • Then the IG’s review the process and reporting • Reports are sent to the OMB by the end of each financial year. • Reporting standards are governed by OMB 130 and NSIT special publication 800-26 with changes including of 800-53
  • 33.
    Advantages of FISMA •Its considered the best approach to ensure that sensitive government systems and data are secure • Helps manage government systems and information, include insurance companies, e.g. Medicare claims, and out sourcecing companies which manage federal systems, such as Lockheed Martin, Northrop Grumman • FISMA reports by mandating a standard interface and follow a format for entering FISMA data. The OMB then provides this data via reports to other agencies.
  • 34.
    References • http://csrc.nist.gov/groups/SMA/fisma/index.html • http://www.authorstream.com/Presentation/aSGues t7375-125409-fisma-business-finance-ppt- powerpoint/ • http://community.ca.com/blogs/iam/archive/2009/1 1/12/the-relative-adoption-of-fisma.aspx • http://csrc.nist.gov/groups/SMA/fisma/index.html • http://searchsecurity.techtarget.com/definition/Fede ral-Information-Security-Management-Act
  • 35.
    References contd …. • Wikipedia • http://www.coppa.org/coppa.htm • www.fincen.gov › Statutes & Regulations • www.hhs.gov • http://news.cnet.com/8301-31921_3-57329001-281/how-sopa-would-affect-you- faq/ • http://www.pwc.lu/en_LU/lu/it-effectiveness/docs/pwc-sarbanes- oxley210606.pdf • http://www.sans.org/reading_room/whitepapers/casestudies/impact-sarbanes- oxley-act-security_1344 • . http://www.auerbach-publications.com/dynamic_data/2928_1724_76-10- 01.pdf. http://accounting.smartpros.com/x43196.xml • http://www.stalback.net/duppsats.pdf • http://www.aacsb.edu/publications/archives/julyaug05/p24-29.pdf

Editor's Notes

  • #11 FBI’s Integrated Automated Fingerprint Identification System (IAFIS)