Do Securities Need Regulations?
Securities need regulations; in fact it is good. Regulations can help make certain that the companies and individuals in-charge if security are really doing their job, whether it is monitoring the internet high-way or conducting pen test. Sometimes, problems may appear on the details of the regulation.
There are several regulations in security like HIPAA and HITECH. HIPAA’s original goal was to help ensure employees that they have insurance when they change jobs. Soon the bill was improved because of the addition of contributors. It established national standards in healthcare as well as compliance and enforcement. One aspect of HIPAA is securing electronic records and limiting the ways how healthcare organizations can use or share information. Rules in reporting breaches were added with HITECH and it also states that encryption is a big help for the security.
HIPAA is an excellent regulation because it saves money and improve healthcare, at the same the patient’s information are safe. But somehow the problem with HIPAA is that the rules were made by committee and not by practitioners and a serious catch in its regulation is that it is not for cheaper medications. The rule had few impacts on the organizations abiding these rules and even though there are sanctions on each consequence, only a few were able to materialize.
Another regulation on security is the PCI compliance and this is a requirement in every industry. PCI is an iterative process that is based on the combination of specific requirements of programs from different credit card industries that are involved. Since, each credit card industry have their own sets of rules and all of their rules have share the same programs that protect the financial informations of their clients as well as the financial information of the company. Because of that PCI was formed and their goal was to make a unified standard in protecting the information of their clients whether in the real world or the internet.
PCI was all about requirements that are actionable and they provide more guidance compared to other standards. In fact, PCI rules were written by security engineers and IT experts, who are adept in cyber security, methods like pen testing and training like pen test training. Since the rules were written by experts, all of the things written are known to be effective, but that doesn’t mean that PCI compliant are completely secure and perfect. It just made your card identifiable only on identified systems and protect the system from various attack patterns.
PCI was able to establish the compliance requirements. Included in here are compliance audit, self-assessment. Everything has to undergo validation processes. Every PCI compliant matters and if one fails to comply consequences are strictly implemented.
Another security standard now is CSA or Cloud Security Alliance’s Security Guidance and this is for cloud security. Since cloud services are among the larges growing industries many people are peering inside its security regulations. In selecting a company marketing cloud security, you have to consider if they offer secure services in protecting the client informations as well as protect their own system.
CSA follows how PCI handled their security regulations, a compliance that is industry driven. CSA is about using the right process and all the industry standards are reviewed to see if these standards are actionable and also practical.
Compliance guidance includes assessment questionnaire and control matrix, which could help the cloud vendor as well as the client and together, they can evaluate the provider’s security controls. This is a good step in defining an excellent manageable standard in security. It defines the standard, compliance requirements as well as the implementation guides. It can also define the compliance process and it includes the authorized assessors and also the process in assessment. Finally, it defines the consequences.
The consequences will be driven by business and sanctions would surely affect the business. In fact, if they don’t comply, these companies will not last long in the market. Actually, this is an excellent consequence for the CSA nowadays. It has shown them the importance of complying all the required rules and regulation. Once these regulations are in place and gain and continue with their momentum, then government may not intervene.
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer trainings in penetration testing.
More information about EC-Council is available at http://www.eccouncil.org.
Processing your request, Please wait....
