Corporate Compliance, Governance and IT security
Over the last 5 years we have seen significant changes in the attitude of regulators towards the commitment of different industries to information privacy and corporate compliance. In the USA and in Europe, specific laws have been passed that require corporate compliance and due diligence. Increasingly, fines and even criminal penalties are being applied where corporate compliance is ignored.
- Sarbanes-Oxley (SOX)
This paper considers the Sarbanes-Oxley regulation. Corporate compliance and governance have become critical issues for most organizations. Sarbanes-Oxley can impact the IT security requirements that inevitably form part of formal company reporting.
- HIPAA (Health Insurance Portability & Accountability Act)
HIPAA is a very wide-ranging regulation addressing information handling requirements at professional and technical levels. We concentrate on the areas of the HIPAA Security Rule that deal with the requirement to implement technical measures ensuring privacy in all its aspects.
- Gramm-Leach-Bliley Act (GLBA)
This paper considers the application of the Gramm-Leach-Bliley Act (GLBA) to information security. GLBA requires the enhanced protection of non-public personal information, including health information. It applies specifically to the finance industry, and again there is a requirement for corporate compliance.
- ISO 17799 (BS7799)
This paper addresses how the enterprise should manage its information security consistently with management standards such as ISO 9000/14000. The standard contains over 200 controls that an enterprise should consider implementing, including the management requirements for outsourced systems and services.