The need to ensure adequate and reasonable protection for corporate, enterprise and public information; and personal privacy led to the enacting of legislations and security initiatives requirements for companies to comply with. These requirements span all levels of privacy concerns relating to financial and health care providers and include mandates that set forth definitive implementation, continual improvement, and holistic information security frameworks.
Implementation of the legislations and initiatives can be vexing and complex without the help and guidance of experienced hands. As you prepare to meet the requirements and examine your existing (or proposed) network security infrastructure, ask yourself this question: Can you detect, prevent and respond to attacks?
Unatek can prepare your network security to meet the requirements for SOX, GLBA, HIPAA, FISMA and other security initiatives:
The framework to ensure comprehensive measures are taken to secure federal information and assets is provided in the ï¿½Federal Information Security Management Act - (FISMA)ï¿½ which was passed by Congress and signed into law by the President as part of the Electronic Government Act of 2002. While mandated for federal systems, FISMA compliance is impacting all those who interact with government systems such as agencies, contractors, and other organizations. Unatek has the experience and expertise to help your organization comply with FISMA.
The major elements include:
- FISMA Sec.3505.(c )(1): The head of each agency shall develop and maintain an inventory of major information systems.
- FISMA Sec.3544. (a)(1)(A)(i) & Sec.3547: The application should be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information collected or maintained by the agency.
- FISMA Sec.3544. (a)(1)(A)(ii): The application should be protected against unauthorized access, use, disclosure, disruption, modification or destruction.
- FISMA Sec.3544. (b): The application must be able to ensure the integrity, confidentiality, authenticity, availability, and non-repudiation of information and information systems supporting agency operations and assets.
- FISMA Sec.3544. (b)(2)(C): Each agency shall develop, document, and implement an agency-wide information security program.
- FISMA Sec.3544. (b)(2)(D): Each agency shall develop, document, and implement an agency-wide information security program, that includes periodically testing and evaluating information security controls and techniques to ensure that they are effectively implemented.
Meeting the SOX Challenge
The Sarbanes-Oxley Act (SOX) requires the documentation, validation and attestation of controls, including security, for the financial, accounting and process systems according to Section 404 of the legislation.
But implementing Sarbanes-Oxley 404 requirements are not "one size fits all." Time, cost and resources vary by company size. That is why Unatekï¿½s expertise and approach enables large, medium and small-sized companies to:
- Implement Section 404 requirements cost-effectively
- Properly scope and manage your project
- Identify key controls
- Implement the documentation methods right for you
- Work effectively with your audit committee and auditor
Meeting the GLBA Challenge
The GLBA security standard recognizes that information security must be comprehensive, and that no single tool, technology or procedure can ensure overall security. The elements that comprise the GLBA-mandated security goal of "security, confidentiality, and integrity of customer information" can be summarized as follows:
Administrative Procedures - documented, formal practices to manage the selection and execution of security measures
Physical Safeguards - processes that protect and monitor information access and prevent unauthorized access to data
Technical Security Services - protection of computer systems and related buildings and equipment from hazards and intrusion
Our IT security team for financial services will not only help you meet the GLBA requirements, but also streamline network monitoring and IT operations as a value added service.
Meeting the HIPAA Challenge
Our HIPAA consultants have designed different programs that help organizations meet the HIPAA requirements: Addressing Administrative Procedures ï¿½ Unatek will help you address the processes that allow access to and protect patient information that is electronically maintained, transmitted, and/or received.
- Information access control
- Internal audit
- Security management process
- Security incident procedures
- Security configuration management
Addressing Physical Safeguards - Unatek will assist you establish measures to control the physical access to computer systems and facilities.
- Access control
- Audit controls
- Authorization control
- Data authentication
- Entity authentication
Addressing Technical Security Services - Unatek will help you establish a program that ensures that information is monitored, as it is being processed or maintained.
- Assigned security responsibility
- Media controls
- Physical access controls
Addressing Technical Security Mechanisms - Unatek will help you establish a program to guard against unauthorized access to data transmitted over a network.
- Communications/network controls