Assignment:
Many federal regulations and industry standards govern how data is utilized and business is transacted in the cybersecurity realm. In this activity, you will review and discuss those compliance requirements - Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), Federal Information Security Management Act (FISMA), and the Graham-Leach-Bliley Act (GLBA) - as well as how an organization is classified for compliance. Additionally, you will review the purpose of the American Institute of Certified Public Accountant (AICPA) "Trust Services" as it relates to personal privacy.
In HIPAA, what information is protected and who is covered by the security rule?
- When does a company need to comply with PCI DSS?
- What are the five principles of the AICPA Trust Services & Principles Criteria?
- If you are not a federal agency, do you need to be concerned with complying with FISMA?