Organizations face a range of legislative requirements that focus on information protection and control. Some regulations protect sensitive customer or patient information (SB1386, GLBA, PCI DSS, HIPAA), while others emphasize internal control and information integrity (SOX, NASD 2711).
These regulatory acts require organizations to report on and monitor data usage and to ensure that adequate control processes are in place. Many list in detail the security measures required in order to comply. Regulation is a significant driver, forcing organizations to ensure compliance regardless of the overall state of the economy.
SB1386
The California-based privacy law SB1386 is geared towards reducing identity theft through protection of Personally Identifiable Information (PII).
Personal information consists of an individual’s name in combination with any of the following: Social Security number, driver’s license number, or credit card number together with its access code. Unless such information is encrypted, any loss of it is considered a “breach of security” and therefore presents a serious threat to the organization.
Meet SB1386 compliance requirements with SmartCipher™:
- Automatically encrypt all data when it is saved to removable devices.
- Allow PII data to open only when it is within the organization.
- Identify potentially risky devices, computers or repositories which hold significant PII information risk.
- Protect PII data even when it is shared with vendors or suppliers, minimizing liability exposure.
- Report and monitor sensitive data usage, providing forensic analysis and audit history.
PCI DSS
The worldwide security standard PCI DSS is intended to minimize credit card (CC) fraud, reduce hacking and diminish information security vulnerabilities. It applies to any organization which stores or transmits CC data. It specifically requires organizations to protect stored CC data and to encrypt any transmission of such information across public networks, including files attached to emails. Furthermore, access to CC data must be restricted on a “need-to-know” basis. Non-compliance can be very costly.
Meet PCI DSS compliance requirements with SmartCipher™:
- Automatically encrypt CC data when it is saved to removable devices.
- Allow CC data to open only when it is within the organization.
- Identify potentially risky devices, computers or repositories which hold significant CC information risk.
- Encrypt CC data shared with vendors or outsourced, to minimize liability.
- Report and monitor sensitive data usage, providing forensic analysis and audit history.
- Meet compliance requirements by ensuring that only authorized users access CC data on a “need-to-know” basis.
- Identify fraud risk and abnormal usage patterns.
SOX
The Sarbanes-Oxley Act (SOX) impacts US public companies and, among other requirements, places personal responsibility for the accuracy and completeness of corporate financial reports on senior executives. Specifically, SOX section 404 requires public companies to ensure the integrity of their financial reports. In order to guarantee compliance, organizations need to make sure control mechanisms are in place, and that only authorized users have access to financial reports. They also need to document and demonstrate that such controls are effective.
Meet SOX compliance requirements with SmartCipher™:
- Report and monitor financial information usage, providing forensic analysis and audit history.
- Meet compliance requirements by ensuring that only authorized users access financial report data on a “need-to-know” basis.
- Ensure reports are modified by authorized personnel alone.
- Identify fraud risk and abnormal usage patterns.
GLBA
As part of the Gramm-Leach-Bliley Act, which applies to financial organizations, rules were defined to protect the privacy of nonpublic consumer information. Compliance is mandatory. Companies are required to protect clients’ personal information, develop risk assessment programs, and report on and demonstrate compliance.
Meet GLBA compliance requirements with SmartCipher™:
- Automatically encrypt clients’ data files when saved to removable devices.
- Allow clients’ data to open only when used within authorized organizations.
- Identify potentially risky devices, computers or repositories which hold significant client data risk.
- Protect clients’ data even when it is shared with vendors or suppliers, to minimize liability exposure.
- Report and monitor clients’ data usage, providing forensic analysis and audit history.
- Analyze and easily assess risk exposure and failure points.