Security Standards and Regulations
[ From chapter-18 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]
1. Standards and Regulations:
Many governments around the world are preparing or have adopted standards (which enterprises may follow to improve their IT security) and regulations (which enterprises must follow to avoid penalties) prescribing how companies should manage and control information security. The aim is simple: compel management and boards of directors to be responsible for information security, and encourage them to show the same "due diligence" they devote to protecting their other assets.
Such regulations include the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the USA PATRIOT Act and Canada's PIPEDA. Standards include BS7799 (or ISO 17799), the "Guideline on ICT Security for Scheduled Banks and Financial Institutions" framed by the Bangladesh Bank (the central bank of Bangladesh) and many national standards.
A brief comparison of some of these security standards and regulations is given below:
| Security Regulations / Standards | Who should comply? | What do the security provisions cover? | What are the penalties? | When is it in effect? |
|---|---|---|---|---|
| Sarbanes-Oxley Act of 2002 | All public companies subject to US securities laws | Internal controls and financial disclosures | Criminal and civil penalties | Current law |
| Gramm-Leach-Bliley Act of 1999 | Financial institutions | Security of customer records | Criminal and civil penalties | Current law |
| Health Insurance Portability and Accountability Act (HIPAA) | Health plans, health care clearinghouses, and health care providers | Personal health information in electronic form | Civil fines and criminal penalties | Current law |
| BS7799 / ISO 17799 | Any enterprise interested in improving IT security | Information Security Management System (ISMS) of any enterprise | Not a law, thus no penalty provision | Current security standard |
| Guideline on ICT Security for Scheduled Banks and Financial Institutions | Banks and financial institutions in Bangladesh | Security of IT assets and customer data | Not a law, thus no penalty provision | Current security standard |
An organization that complies with any one of these standards or regulations already possesses a concrete and practical information security management system. For example, HIPAA addresses the same subjects as the ISO 17799 standard while placing the emphasis on the protection of private information. Compliance with ISO 17799 and BS7799-2 can include the definition of policies and procedures for the security of a company's sensitive information, as touched on in SOX.
In this chapter we will discuss security standards, specifically the "Guideline on ICT Security for Scheduled Banks and Financial Institutions" published by the Bangladesh Bank and BS7799 (or ISO 17799).
2. Benefits of complying with a Security Standard
Obviously, complying with a security standard and obtaining "certification" against a given standard does not in itself prove that an organization is 100% secure. The truth is, barring a cessation of all activity, there is no such thing as complete security. Nevertheless, adopting a standard confers certain advantages that any manager should take into consideration, including:
At the organizational level
Commitment: certification serves as a guarantee of the effectiveness of the effort put into rendering the organization secure at all levels, and demonstrates the due diligence of its administrators.
At the legal level
Compliance: certification demonstrates to the competent authorities that the organization observes all applicable laws and regulations.
At the operating level
Risk management: leads to a better knowledge of information systems, their weaknesses and how to protect them. Equally, it ensures more dependable availability of both hardware and data.
At the commercial level
Credibility and confidence: partners, shareholders and customers are reassured when they see the importance the organization attaches to protecting information. Certification can help set a company apart from its competitors in the marketplace.
At the financial level
Reduced costs related to security breaches, and a possible reduction in insurance premiums.
At the human level
Improved employee awareness of security issues and of their responsibilities within the organization.