The New Law of Information Security: - page 18 / 29

company information systems;90 and procedures for preventing, detecting, and reporting malicious software (e.g., virus software, Trojan horses, etc.);91

Employee Procedures – job control procedures, segregation of duties, and background checks for employees with responsibility for or access to information to be protected,92 and controls to prevent employees from providing information to unauthorized individuals who may seek to obtain this information through fraudulent means;93

System Modification Procedures – procedures designed to ensure that system modifications are consistent with the company’s security program;94

Data Integrity, Confidentiality, and Storage – procedures to protect information from unauthorized access, alteration, disclosure, or destruction during storage or transmission,95 including storage of data in a format that cannot be meaningfully interpreted if opened as a flat, plain-text file,96 or in a location that is inaccessible to unauthorized persons and/or protected by a firewall;97

Data Destruction and Hardware and Media Disposal – procedures regarding final disposition of information and/or hardware on which it resides, and procedures for removal from media before re-use of the media;98, 99

Audit Controls – maintenance of records to document repairs and modifications to the physical components of the facility related to security (e.g., walls, doors, locks, etc.);100 and hardware, software, and/or procedural audit control mechanisms that record and examine activity in the systems.101

90 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C; Ziff Davis Assurance of Discontinuance, Para. 24(d), p. 5 and Para. 25, p. 6

91 HIPAA Security Regulations, 45 C.F.R. Section 164.308(a)(5)(ii)(B)

92 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C.

93 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C.

94 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C; Ziff Davis Assurance of Discontinuance, Para. 25, p. 6

95 GLB Security Regulations, 12 C.F.R. Part 30 Appendix B, Part III.C; Ziff Davis Assurance of Discontinuance, Para. 25, p. 6; HIPAA Security Regulations, 45 C.F.R. Sections 164.312(c) and (e)

96 Ziff Davis Assurance of Discontinuance, Para. 25, p. 6

97 Ziff Davis Assurance of Discontinuance, Para. 25, p. 6

98 HIPAA Security Regulations, 45 C.F.R. Section 164.310(d)(2)(i)

99 HIPAA Security Regulations, 45 C.F.R. Section 164.310(d)(2)(ii)

100 HIPAA Security Regulations, 45 C.F.R. Section 164.310(a)(2)(iv)

101 HIPAA Security Regulations, 45 C.F.R. Section 164.312(b)
