Information Security Laws and Standards | CEH V10


Payment Card Industry Data Security Standard (PCI-DSS)

    The Payment Card Industry Data Security Standard (PCI-DSS) is a global information security standard published by the PCI Security Standards Council. It gives organizations a baseline for developing, enhancing and assessing the security controls they apply to cardholder information and to payment account security. The PCI Security Standards Council develops security standards for the payment card industry and provides the tools required to enforce them, such as training, certification, assessment and scanning. The founding members of the council are: –

  • American Express
  • Discover Financial Services
  • JCB International
  • MasterCard
  • Visa Inc.

    The PCI data security standard deals primarily with the security of cardholder data for debit, credit, prepaid, e-purse, ATM and POS cards. At a high level, PCI-DSS requires: –

  • A secure network
  • Strong access control
  • Protection of cardholder data
  • Regular monitoring and testing of the network
  • Maintaining a vulnerability management program
  • An information security policy

ISO/IEC 27001:2013

    The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are organizations that develop and maintain standards globally. The ISO/IEC 27001:2013 standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). It is the revised second edition of the first edition, ISO/IEC 27001:2005. ISO/IEC 27001:2013 covers the following key points in information security: –

  • Implementing and maintaining security requirements.
  • Information security management processes.
  • Assurance of cost-effective risk management.
  • Status of information security management activities.
  • Compliance with laws.

Health Insurance Portability and Accountability Act (HIPAA)

    The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996. Under HIPAA, the Department of Health and Human Services (HHS) develops and maintains the regulations governing the privacy and security of health information. The HIPAA Security Rule defines what information is protected and, in addition, the safeguards that must be applied to secure electronic protected health information. HIPAA defines electronic protected health information, the general rules, and the requirements for risk analysis and risk management. Administrative safeguards, physical safeguards and technical safeguards together ensure the confidentiality, integrity and availability of electronic protected health information (e-PHI). The major domains in information security where HIPAA develops and maintains standards and regulations are: –

  • Electronic Transaction and Code Sets Standards
  • Privacy Rules
  • Security Rules
  • National Identifier Requirements
  • Enforcement Rules

Sarbanes Oxley Act (SOX)

    The key requirements, or provisions, of the Sarbanes-Oxley Act (SOX) are organized into 11 titles, which are as follows: –

  Title      Major provision
  Title 1    Public Company Accounting Oversight Board
  Title 2    Auditor independence
  Title 3    Corporate responsibility
  Title 4    Enhanced financial disclosures
  Title 5    Analyst conflicts of interest
  Title 6    Commission resources and authority
  Title 7    Studies and reports
  Title 8    Corporate and criminal fraud accountability
  Title 9    White-collar crime penalty enhancements
  Title 10   Corporate tax returns
  Title 11   Corporate fraud and accountability

    Other regulatory bodies also issue standards that are deployed worldwide, including the Digital Millennium Copyright Act (DMCA) and the Federal Information Security Management Act (FISMA). The DMCA is a United States copyright law, whereas FISMA is a framework for ensuring the effectiveness of information security controls. According to the Department of Homeland Security, FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies. The legislation gives the Department the authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination with and consistent with OMB policies and practices. The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).
