Compliance and Frameworks 3.1

Question 1

Compliance

Answer 1

IT security has a lot of compliance standards to meet. Laws, policies, regulations. There are many catalogs of rules based on industry or based on the data you are handling. There are potential fines, loss of employment, or even incarceration. The regulations could be domestic or international.

Question 2

Sarbanes-Oxly Act (SOX)

Answer 2

Regulator, the Public Company Accounting Reform and Investor Protection Act of 2002. If you are a public company, you will deal with a lot of these regulations.

Question 3

The Health Insurance Portability and Accountability Act (HIPPA)

Answer 3

Extensive healthcare standards for storage, use, and transmission of health care information. Penalties for no compliance here can be very harsh.

Question 4

The Gramm-Leach-Bliley Act of 1999 (GLBA)

Answer 4

Disclosure of privacy information from financial institutions.

Question 5

Industry-Specific Frameworks

Answer 5

Control Objective for Information and Related Technologies (COBIT).

Information Technology Infrastructure Library (ITIL).

Question 6

Control Objective for Information and Related Technologies (COBIT)

Answer 6

Focuses on IT regulatory compliance, risk management, and aligning TI strategy with organizational goals.

Question 7

Information Technology Infrastructure Library (ITIL).

Answer 7

They are now just know as ITIL. Focuses on multiple stages of the IT lifecycle. Service design, service transition, service operations, service strategy, continual service improvement.