Information security-related regulatory requirement

Information security, which involves assuring the confidentiality, integrity, and availability of mission-critical data, is typically a primary concern of regulators. Business executives are responsible for aligning corporate policies with the requirements of regulation and for following up to ensure that the policies and associated controls are being enforced.

Regulatory compliance requires that enterprise IT departments meet technical standards that satisfy specific requirements defined either by an external authoritative governmental or industry organization or by internal enterprise policies. Both internal and external regulations may have significant impacts on enterprise IT operations. Complying with a regulatory rule often constrains IT managers by imposing network and system design features that may be quite costly. Conversely, the cost of not complying with regulations may include both civil and criminal penalties.

In this assignment, you address security issues related to compliance with information security-related regulations.

Preparation
Identify and research a specific information security-related regulatory requirement whose compliance is dictated by one of the following regulatory rules:

Family Educational Rights and Privacy Act (FERPA).
Gramm–Leach–Bliley Act (GLBA).
Health Insurance Portability and Accountability Act (HIPAA).
Payment Card Industry Data Security Standard (PCI DSS).
Sarbanes–Oxley Act (SOX).
