Legal and Regulatory Requirements
Security Governance (IS 536), Second semester (Oct 5)
Name: Alanoud Saad Alqoufi, ID: 435920068
Outline
• CH3 - Legal and Regulatory Requirements
  • PCI and BASEL
  • Regulations
  • Regulation Elements
  • Regulatory Compliance Level
• CH4 - Roles and Responsibilities
  • Why Roles and Responsibilities
  • Management Levels
  • The Board of Directors
  • Executive Management
  • Security Steering Committee
  • The CISO
CH3
Legal and Regulatory Requirements
Payment Card Data Issues
PCI
• Stands for Payment Card Industry
• Established the PCI DSS (Data Security Standard)
• The standard is maintained by the PCI SSC (Security Standards Council)
• Purpose: to ensure the security of cardholder data
PCI DSS
BASEL II
• Refers to the second of the Basel Accords on banking supervision
• Issued by the BCBS (Basel Committee on Banking Supervision)
• Purpose: to ensure banks hold enough capital to cover the risks they carry
Regulations
• NFPA
• OSHA
• HIPAA
• COSO
• CoCo
• Patriot Act
• FCPA
• FISMA
• BASEL II
• SOX
• Cadbury
• King
• FFIEC
• …
Regulation Elements
• Transparency
• Oversight
• Disclosure
• Record Retention
• Training
• Operational Risk
• Attestation
• Privacy
Regulatory Compliance Level
• Less than 50% of US organizations are in compliance
CH4
Roles and Responsibilities
Why Roles and Responsibilities?
• Adequate protection against the possibility of fraud
• Creating a clear culture of accountability
• Identifying risks
Management Levels
Board of directors
Senior executives
Chief information security officer
Steering Committee
The Board of Directors
• Setting strategic direction
• Identifying security leaders
• Assigning information security to a key committee
• Ensuring risks, resources and performance are managed appropriately
Why are directors important?
• “The rising tide of cybercrime and threats to critical information assets mandate that boards of directors and senior executives are fully engaged at the governance level to ensure the security and integrity of those resources.” (Shirley M. Hufstedler, a former director of Hewlett-Packard)
• “Tone at the top” has been identified as a major contributor to organizational failures
Executive Management
• Support for security managers
• Enforce and monitor regulatory compliance
• Oversight of all management process plans
Security Steering Committee
• Identify and prioritise risks
• Ensure security initiatives meet business objectives
• Review security strategy efforts
CISO
• Develop the security strategy and plan
• Perform security risk assessments
• Implement security policies and procedures
Information Security Responsibilities
Reporting
• IT is about performance; IS (information security) is about safety
• 35% of CISOs report to the CIO (?!)
• Driving greater IT performance at lower cost tends to come at the expense of security, so a CISO who reports to the CIO faces a conflict of interest
(Diagram: IT vs. IS; CIO vs. CISO)
Thank you for your attention