Wednesday, May 6, 2020

It Security Compliance Policy Is The Legal Aspects Of The...

Introduction

The purpose of this IT Security Compliance Policy is to recognize the legal aspects of the information security triad (availability, integrity, and confidentiality) as it applies to the Department of State at U.S. diplomatic embassies across the globe. This document also covers the concept of privacy and its legal protections for privately-owned information held by the U.S. government, and government employees' use of network resources. A detailed risk analysis and response procedures may also be found at the end of this policy.

LAW Overview

The following is a brief overview of compliance with each law related to and in use by our organization.

"The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer…"

"The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID)." (PCI Compliance Guide)

We have three steps for compliance with PCI standards.

Step 1 "ASSESS"

The purpose of the assessment step is to study all possible process and technology vulnerabilities that may pose a threat to consumer credit card data processed by our company.

Step 2 "REMEDIATE"

Remediation is how we begin fixing vulnerabilities. These include technology flaws such as outdated software or hardware that is easily bypassed by an exploit, and unsafe practices performed by the organization that potentially expose card data to someone other than the cardholder.

• Some steps we use in the remediation process are network port and vulnerability scanners.
• Complete self-evaluation questionnaires and network scenario questionnaires.
• Sort and prioritize any vulnerability found in tests and assessments.
• Apply fixes, patches, updates, and possible workarounds for recognized vulnerabilities.
• Rescan everything again to ensure the vulnerabilities have been mitigated.

"The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law
