SearchSecurity.com

Government | Gramm Leach Bliley | HIPAA | Sarbanes Oxley | SB1386

DITSCAP – DoD’s Answer to Secure Systems
The majority of you will ask yourself a few simple questions: “Why?... Why should I care? Why should I be concerned or interested in reading about a government bureaucratic process?” Another group may ask, “How can I get my share of the pie?” The security professional’s question might be “How can I leverage the government’s work for my own benefit?” A final group may shrug it off and say it will never impact me. A simple answer would be it’s your money, to the tune of several billion dollars per year! The intent of this paper is to provide insight into a process that is rapidly being adapted, in part or as a whole, by an increasing number of local governments, the medical industry, and corporate America. After all, “a risk assumed by one is imposed on all” is never more true than in today’s increasingly interrelated world.
04/03/2004

Canadian Civil Liberties vs. Public Security: Post Crisis, Have the Terrorists Won?
One of the goals of security is to protect something that is valuable to an individual, a business, or an entity without taking away key attributes for survival. Just like a business creates policy to protect its business functions, a government creates laws to make sure its citizens can continue their way of life. The Personal Information Protection and Electronic Documents Act represents a good example of an act that upholds citizens’ right to privacy. This is legislation created to protect the citizens. The legislation was undertaken in a responsible manner that balanced the needs of the citizens against the needs of business. During the October Crisis, the Canadian government suspended civil liberties in order to face down a threat. The end result of that predicament was a country that continued with what the society deemed important.
04/03/2004

Laws of Canada as they Pertain to Computer Crime
This paper examines the existing laws in the Criminal Code of Canada as they pertain to computer crime. For the purpose of this paper, the definition of computer crime will be that of the Investigation Bureau of the Ontario Provincial Police: any criminal activity involving the copy of, use of, removal of, interference with, access to, manipulation of computer systems, and/or their related functions, data or programs (Stinnissen, p.3). The objective is to assess the laws as they stand and examine whether Canada is falling behind the times or a leader in the international fight against computer crime. The paper begins with an overview of the applicable sections of the Criminal Code of Canada, followed by cases of computer criminals that have been arrested in Canada. Opinions on both sides of the debate are presented. The paper concludes that there are other remedies that could be implemented that would help win the war on computer crime to a much greater degree.
04/03/2004

Act Now! An Introduction To Canada’s PIPED Act and its Affect on Organizations and IT Departments
The PIPED Act has received little media attention considering its scope. Stephanie Perrin, chief privacy officer for Zero-Knowledge Systems in Montreal, notes "...the Canadian public doesn't know that the act has passed by and large." (Conrath) This paper has been written to cast some light on this important piece of legislation and the inherent responsibilities it imposes on organizations and IT departments. This paper will begin with a list of some important global initiatives that protect personal information privacy and five commonalities they share. An introduction to Canada’s privacy legislation will be followed by a summary of the 10 privacy protection principles introduced in the PIPED Act. Concluding this paper will be a discussion of six milestones that organizations and IT departments can use to mark their progression along the path to compliance, including guidance on implementing each.
04/03/2004

Applying the Common Criteria to the Certification & Accreditation of Department of Defense Unclassified Information Technology Systems
Perhaps the greatest challenge Information Technology (IT) professionals face today is providing evidence that the systems they develop are ‘secure’. To provide this evidence, they must use a standardized process that will foster a high level of confidence in the security features of the IT system. This process must provide a means to quantify and measure the extent to which the security of the IT system has been evaluated and assessed. No matter what type of system is to be developed, there must be assurance that the data and data processing resources are protected and the security mechanisms will operate in the manner in which they were designed to operate. Besides being a good business practice, there are numerous laws and regulations which define and explain why one must be concerned with the adequacy of IT security. This paper will discuss how the adoption of a more recently developed evaluation criteria known as the ‘Common Criteria’ (CC) may be applied to the DITSCAP process.
04/03/2004

Connecting a classified network to the Internet. A case study.
The purpose of this document is to point out some common elements from the guidelines published to regulate computer security and suggest administrative action and technical solutions to build a network that may be connected to the Internet, and still obtain/retain a classification up to and including NATO RESTRICTED. The author is not aware of any standard that will allow a system classified at NATO CONFIDENTIAL or higher to be connected to a public network (Internet). Note that the standards mentioned (BS7799, ITSEC, CommonCriteria a.s.o.) only tell what to achieve, not how.
04/03/2004

Designing Secure IT Environments for Pharmaceutical Clinical Trial Data Systems
Pharmaceutical companies are subject to regulations imposed by the FDA (Food and Drug Administration). Key elements of these regulations are rules governing the information technology space in drug production and research organizations. The security infrastructure required by these systems is sufficiently different from the security requirements in other IT areas because of these FDA regulations. Security professionals need to be educated in the rules and the unique challenges they present. This paper details the relevant regulations for security professionals and the special concerns they pose. Vendor-neutral infrastructure component examples are given which could be used to develop a secure environment for FDA-regulated systems. By learning about the requirements placed on systems by the FDA, security professionals will be better equipped to aid in vendor selection and secure system implementation.
04/03/2004

Information Security & Negligence - Targeting the C-Class
Numerous recommendations since September 11, 2001 have been published on the evils of negligence relative to protecting one’s assets (cyber & physical). In light of the articles, references, statutes, case laws and other relevant pieces of this puzzle, how do you physically “prove” negligence versus the common business practice of risk management? This article addresses at what point risk management becomes negligence. Basically, a blueprint for attorneys to tactically go after a corporate enterprise for negligence.
03/23/2004

U.S. Information Security Law, Part Four: Information Security and the Public Sector - An Introduction to the National Security Law of Information Security
This is the last article in a four-part series looking at U.S. information security laws and the way those laws affect the work of security professionals. This installment continues the discussion of information security in the public sector and provides an overview of national security law in the United States as it pertains to information security.
03/22/2004

U.S. Information Security Law, Part Three: Information Security and the Public Sector - An Introduction to the Criminal Law of Information Security
This is the third part of a four-part series looking at U.S. information security laws and the way those laws affect security professionals. This installment begins the discussion of information security in the public sector. Government's involvement with information security takes place in two unique contexts: criminal justice and national defense. (Of course, government agencies also have information security concerns that are analogous to those of private industry, which were considered in the first two articles in this series.) In this installment, we will look at the basics of the criminal information security law.
03/22/2004