Mainframe Security: Compliance Standards Can Be Overwhelming
INFOGRAPHIC

InfoSec, Inc.
14001-C St. Germain Dr. • Suite 809 • Centreville, VA 20121 • 703-825-1202 • www.infosecinc.com

InfoSec, Inc., a small business, is a premier mainframe services and software provider with services focused on IBM-RACF, CA-ACF2 and CA-Top Secret. We have been providing high-quality mainframe services and software since 1998: operating system installation, upgrades, performance and tuning, third-party software support and more on both the z/OS and VM/VSE platforms, offering the finest available expertise for securing and supporting IBM z/OS and VM/VSE environments and for the IBM-RACF, CA-Top Secret and CA-ACF2 security systems.

When it comes to mainframe data security and monitoring, the list of key compliance points and standards is long and ever-growing. As the list grows over time, many IT managers are left asking, "Did I miss something?"

[Figure: Compliance Standards Checklist: SOX, PCI, HIPAA, FISMA, GLBA]

SARBANES-OXLEY
Sarbanes-Oxley (SOX) is a federal law that sets new or expanded requirements for all U.S. public company boards, management, public accounting firms, and privately held companies.
The average amount that a large company in the U.S. spent on SOX compliance in 2014: $1,000,000
Large companies typically spend more than a year to become completely SOX compliant.

GRAMM-LEACH-BLILEY ACT
The Gramm-Leach-Bliley Act (GLBA) requires companies that offer consumers financial products or services like loans, financial advice, or insurance to safeguard sensitive data and explain their information sharing practices to their customers.
To be compliant you need to secure the following nonpublic personal information: name, address, Social Security number (SSN), account information, court records, and more.
GLBA also requires that organizations provide easily understandable privacy statements to consumers and offer them the option to opt out of third-party data sharing.

PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards set by major payment card processing companies in partnership with the Better Business Bureau. It protects consumers' payment information while using credit or debit cards, or shopping with an integrated payment app or on the web.
Businesses are categorized into four merchant levels (Level 1 through Level 4) by the number of transactions they process in a year, in bands of under 20K, 20K to 1M, 1M to under 6M, and 6M+.
The average Level 1 merchant will spend nearly $700,000 to obtain PCI DSS compliance.

FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002
The Federal Information Security Management Act of 2002 (FISMA) assigns specific responsibilities to federal agencies in order to strengthen information security systems. In particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce information technology security risks to an acceptable level.

[Figure: Employee? Hacker?]
80% of data breaches come from within the organization itself [1]

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
The Health Insurance Portability and Accountability Act (HIPAA) requires health care providers and organizations, as well as their associates, to develop and follow procedures that ensure the confidentiality and security of Protected Health Information (PHI) when it is transferred, received, handled, or shared.
The amount organizations in violation of HIPAA may be fined per incident: $50,000
Health care records are worth 50x what credit card numbers are on the black market.

[1] http://www.networkworld.com/article/2268110/lan-wan/chapter-1--understanding-network-security-principles.html