5.1 Security Considerations


6 Terms


Regulatory

IT security professionals must understand the regulations tied to their organization and the data it handles.

  • This includes not only application data but also log files.

  • Some regulations require retaining certain types of data, such as emails, for a specific number of years and ensuring they can be accessed when needed.


Sarbanes-Oxley (SOX)

Officially named the Public Company Accounting Reform and Investor Protection Act of 2002, it focuses on financial accountability.

  • Requires that financial data be properly protected and accessible to authorized personnel within the organization.


Health Insurance Portability and Accountability Act (HIPAA)

A regulation that ensures the protection of healthcare information.

  • Governs how health data is stored, transferred, and disclosed to third parties, making sure patient privacy is maintained throughout all handling of medical records.


Legal

IT involves legal responsibilities such as reporting illegal activity through formal procedures and responding to legal holds, which ensure data is preserved for legal proceedings.

  • There is also often a legal requirement to disclose security breaches within a set timeframe, which varies by location.

  • Cloud computing complicates these requirements, as data may be stored globally, but some regions mandate that data from their citizens remain within national borders.


Industry

Security requirements vary across industries.

  • For example, public utilities like power generation often use strict access controls and air-gapped systems to prevent network exposure.

  • In contrast, medical environments prioritize both accessibility and privacy, using extensive encryption to protect sensitive health data while ensuring authorized professionals can access it when needed.


Geographical Security

Security needs change based on an organization’s geographic scope.

  • Local or regional entities, like city governments, handle area-specific data.

  • National organizations face broader concerns like defense and inter-state communication, often requiring stronger encryption.

  • Global companies face the most complexity due to varying international data protection laws.