Articles by tag "laws"

3/20/2019 Compliance

Ask Our VP of Compliance: March 2019

What Cyber Laws Apply to Me?

It is becoming ever clearer that compliance is not an easy task handled by the IT department alone, but a team effort across all departments. This makes it harder to determine what is applicable, so our VP of Compliance has broken down all the laws into simpler terms so you can distinguish which law you must abide by!

12/19/2018 Compliance

Ask Our VP of Compliance: December 2018

IT Compliance vs. IT Security: “What’s the difference?”

It is without a doubt that 2018 has become the year of IT Compliance. With so many new laws becoming effective, including the EU’s GDPR, California’s Data Privacy Law, and Canada’s PIPEDA, the line between security and compliance may seem easily blurred for IT professionals. So the question becomes: how do we produce a comprehensive security program while ensuring that we meet compliance obligations? One problem surfaces repeatedly, regardless of which regulatory standard (e.g., PCI, HIPAA, etc.) your company must meet: failing to understand the difference between compliance and security. Sometimes organizations think the two are one and the same, to the point that they become so consumed by complicated regulations that they stop focusing on security altogether. This month's edition of Ask Our VP of Compliance will address the differences between IT Compliance and IT Security:

  • IT Security: Explained
  • IT Compliance: Explained
  • What Are the Differences? And Why are Both Necessary?
  • How do IT Compliance Management and IT Security Management Integrate?
  • Becoming COMPLIANT and SECURE

11/14/2018 Compliance

Seven Firms accused of violating GDPR by Privacy International

On May 25th of 2018, GDPR became effective, bringing a demanding standard for data protection and privacy rights for individuals to organizations around the world. Privacy International (PI), a charity that defends and promotes the right to privacy, accused seven firms of “disregarding data protection principles, including purpose limitation, data minimization and data accuracy”.

To help other firms avoid the same situation, Digital Edge would like to state some general reminders about the law.

9/29/2018 Compliance

US Data Breach Notification Laws - State by State

All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/information brokers, government entities, etc.); definitions of “personal information” (e.g., name combined with SSN, driver’s license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).

9/17/2018 Compliance

Ask Our VP of Compliance: September 2018

In 2018, one thing is for certain: changes are happening—fast. Technology changes, as usual, are the focus this year as we watch new innovations unfold, new products emerge, and businesses take hold of new opportunities. However, tech isn’t the only thing changing rapidly. This year, Digital Edge’s Compliance articles have covered brand new regulations that have taken effect, which are likely to have impacted your business. 

Businesses must be aware of new laws and policy changes, no matter where they operate or what kind of business it is. A recent article published by Business News Daily says it best, “Staying apprised of policy changes could be the difference between gaining a competitive edge or falling behind due to compliance issues or strategic missteps.”

But what about the IT laws and regulations that already exist? Are you aware of which guidelines you should already be following? That is why Digital Edge's VP of Compliance breaks down all the laws in this month's Ask Our VP of Compliance!

9/20/2015 White Papers

Log Management Compliance - FISMA - Federal Information Security Management Act

FISMA requires all federal agencies to document and implement controls for information technology systems that support their operations and assets.

LogIT simplifies FISMA compliance with fully automated log collection and recovery across the agency’s entire infrastructure, providing tools at your fingertips that align the organization’s risk assessment with forensic investigations, reporting, and prioritization settings. LogIT already performs the first level of log analysis automatically, by categorizing log data that has been identified and stabilized for easy analysis and reporting.

9/20/2015 White Papers

Log Management Compliance - ISO 27001 - International Organization for Standardization

The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS) within the context of the organization's overall commercial risks.

ISO language relevant to log management: "Audit logs must be turned on for security events, user activities and exceptions. They must be kept for a predetermined period of time." The task of organizing this information can be overwhelming. In addition to the millions of individual log entries that can be generated daily, all IT environments have reporting data logs. Additional recommendations to analyze and report on log data make manual processes or internally built solutions insufficient and expensive for many organizations.

9/20/2015 White Papers

Log Management Compliance - GPG 13 - Good Practice Guide 13

HMG organizations are required to follow Protective Monitoring for HMG ICT Systems, based on the Communications-Electronics Security Group’s GPG 13, to gain access to the UK GCSX (Government Connect Secure Extranet).

LogIT can simplify GPG 13 audits by directly addressing the mandated control obligations. With the option to customize LogIT’s GPG 13-specific compliance module and reporting to your environment, our clients are empowered to build and maintain a secure compliance program. With case management, clients can effortlessly conduct forensic investigations around incident response activity.

9/20/2015 White Papers

Log Management Compliance - SOX - Sarbanes-Oxley Act

SOX requires that all publicly traded companies establish and follow a framework of internal controls that support accountability and integrity of the financial reporting process. A vital part of SOX requirements includes the collection, management, and analysis of log data. 

9/20/2015 White Papers

Log Management Compliance - NERC CIP - The North American Electric Reliability Corporation

NERC has its own framework to protect bulk power systems against cybersecurity compromises that could result in operational failures or instability. NERC CIP v5 further addresses the cyber-related risks facing this sector by requiring organizations to categorize BES (Bulk Electric System) assets as high, medium, or low impact. Once categorized, BES assets can have the suitable CIP (Critical Infrastructure Protection) standards applied to address risk.
