
IT Laws and Regulations




Basel III - Regulatory requirements for banks.


Code of Connection (CoCo) - UK local authorities must comply with CoCo before they are allowed to connect to the government's secure intranet (the GCSx network).


Communications-Electronics Security Group (CESG) - Provides risk management assistance and advice on the security of communications and electronic data for the public sector. CESG is a branch of GCHQ, which is responsible for government communications and information systems and for certain parts of the UK national infrastructure.


Computer Fraud and Abuse Act - Applies to the federal government and some financial institutions within the US. It exists to protect against computer hacking and cracking; an individual found guilty of such an offence faces punishment.


Computer Security Act of 1987 - Requires the protection of computers that contain sensitive information.


Data Protection Act - A UK law that exists to protect individuals' personal data.


Economic Espionage Act of 1996 - Defines who does and does not have the right to investigate trade secrets and espionage.


Federal Information Security Management Act of 2002 (FISMA) - US legislation that establishes a framework for protecting government information systems. Federal agencies must comply with FISMA.


Federal Privacy Act of 1974 - Applies to federal agencies and requires them to give the public notice of the records they keep on individuals in their systems, by publication in the Federal Register.


Gramm-Leach-Bliley Act of 1999 (GLBA) - Applies to financial institutions and allows them to combine and share information that is relevant to the business.


Health Insurance Portability and Accountability Act (HIPAA) - Applies to anyone dealing with personal medical information. An organisation has to comply with HIPAA in order to protect and securely handle personal information.


Information Technology for Economic and Clinical Health Act (HITECH Act) - Provides an incentive for healthcare institutions that can demonstrate meaningful use of electronic health records.


Payment Card Industry Data Security Standard (PCI DSS) - Organisations that transmit, process or store credit card information must comply with the PCI DSS standard. PCI DSS is governed by EC-Council.


Sarbanes-Oxley (SOX) - SOX is a result of financial scandals in the US. Senior management of US public organisations must certify their financial reports and internal controls.


U.S. Government Configuration Baseline (USGCB) - A US government IT program used to increase the security of desktop IT environments.