The New Law of Information Security: - page 17 / 29

In addition, there are several more specific categories of security measures that regulations often require companies to consider. They include the following:

Physical Facility and Device Security Controls – procedures to safeguard the facility,79 measures to protect against destruction, loss, or damage of information due to potential environmental hazards, such as fire and water damage or technological failures,80 procedures that govern the receipt and removal of hardware and electronic media into and out of a facility,81 and procedures that govern the use and security of physical workstations.82

Physical Access Controls – access restrictions at buildings, computer facilities, and records storage facilities to permit access only to authorized individuals.83

Technical Access Controls – policies and procedures to ensure that authorized persons who need access to the system have appropriate access, and that those who should not have access are prevented from obtaining access,84 including procedures to determine access authorization,85 procedures for granting and controlling access,86 authentication procedures to verify that a person or entity seeking access is the one claimed,87 and procedures for terminating access.88

Intrusion Detection Procedures – procedures to monitor log-in attempts and report discrepancies;89 system monitoring and intrusion detection systems and procedures to detect actual and attempted attacks on or intrusions into

79 HIPAA Security Regulations, 45 C.F.R. Section 164.310(a)(2)(ii)

80 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C.

81 HIPAA Security Regulations, 45 C.F.R. Section 164.310(d)

82 HIPAA Security Regulations, 45 C.F.R. Sections 164.310(b) and (c)

83 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C; HIPAA Security Regulations, 45 C.F.R. Section 164.310(a)

84 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(3)

85 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(3)(ii); GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C

86 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(4) and 164.312(a); Ziff Davis Assurance of Discontinuance, Para. 25, p. 6

87 HIPAA Security Regulations, 45 C.F.R. Section 164.312(d)

88 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(3)(ii)(C)

89 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(5)(ii)(C)
