Security Policies
Security policies ensure that management's intentions on IT security are applied consistently throughout the organization. They help manage proactively in a "prevent, deter and detect" perspective as opposed to a reactive "correct and recover" approach. Implementation of good IT security policies helps establish and maintain a secure computing environment. Security policies are decided based on the type of company and the legislative, legal and regulatory security requirements that apply. The following legislative regulations apply to companies.

| Regulation | Mandating Organisation | Affected Companies |
| --- | --- | --- |
| Sarbanes-Oxley | US Securities and Exchange Commission (SEC) | Companies publicly traded on US exchanges |
| Gramm-Leach-Bliley | US Office of the Comptroller of the Currency (OCC) | All financial institutions regulated by the OCC |
| HIPAA Security | US Department of Health and Human Services (DHHS) | Healthcare organizations in the US |
| 21 CFR Part 11 | US Food and Drug Administration (FDA) | Companies regulated by FDA (i.e. pharmaceuticals) |
| Basel II | Basel Committee on Banking Supervision | Global financial service organizations |
| 95/46/EC | European Union (EU) | Companies conducting business in EU member nations |
| Indian – IT Act 2000 | Ministry of Law, Justice and Company Affairs (Legislative Department) | All Companies |

There are also industry security best practices, such as:

· ISO 17799
· CERT Guidelines