21
Security Governance(IS 536) Second semester(Oct 5) Name:Alanoud Saad Alqoufi ID:435920068

Legal and Regulatory Requirements

Embed Size (px)

Citation preview

Page 1: Legal and Regulatory Requirements

Security Governance(IS 536)Second semester(Oct 5)

Name:Alanoud Saad AlqoufiID:435920068

Page 2: Legal and Regulatory Requirements

Outline

• CH3-Legal and Regulatory Requirements

• PCI and BASEL • Regulations• Regulations Elements• Regulatory Compliance Level

• CH4-Roles and Responsibilities• Why Roles and Responsibilities• Management Levels• The board of directors• Executive Management• Security Steering Committee• The CISO

Page 3: Legal and Regulatory Requirements

CH3

Legal and Regulatory Requirements

Page 4: Legal and Regulatory Requirements

Payment Card Data Issues

Page 5: Legal and Regulatory Requirements

PCI

• Stands for Payment Card Industry• Established PCI DSS• Maintained by PCI SSC• To insure Security of cardholder data

Page 6: Legal and Regulatory Requirements

PCI DSS

Page 7: Legal and Regulatory Requirements

BASEL II

• Refer to the Banking Supervision Accords• Issued by the BCBS• To maintain enough cash to cover risk

Page 8: Legal and Regulatory Requirements

Regulations

• NFPA

• OSHA

• HIPPA

• COSO

• CoCo

• Patriot Act

• FCPA

• FISMA

• BASEL II

• SOX

• Cadbury

• King

• FFIFC

• …….

Page 9: Legal and Regulatory Requirements

Regulations Elements

Transparency OversightDisclosure Record

Retention

TrainingOperational RiskAttestationPrivacy

Page 10: Legal and Regulatory Requirements

Regulatory Compliance Level

• Less than 50% of US Organizations are in compliance

Page 11: Legal and Regulatory Requirements

CH4

Roles and Responsibilities

Page 12: Legal and Regulatory Requirements

Why Roles and Responsibilities?

• Adequate Protection against the possibility of fraud• Creating clear culture of Accountability• Identify Risks

Page 13: Legal and Regulatory Requirements

Management Levels

Board of directors

Senior executives

Chief information security officer

Steering Committee

Page 14: Legal and Regulatory Requirements

The Board Of Directors

• Setting strategic directions• Identify security leaders• Assign information security to key committee• Ensure risks , resources and performance are managed

appropriately

Page 15: Legal and Regulatory Requirements

Why Directors are important?

• “The rising tide of cybercrime and threats to critical information assets

mandate that boards of directors and senior executives are fully engaged at

the governance level to ensure the security and integrity of those resources.”

By Shirley M. Hufstedler, a former director of Hewlett-Packard

• “Tone at the top” identified as a major contribution to Org failures

Page 16: Legal and Regulatory Requirements

Executive Management

• Support for security mangers

• Enforce and monitore regulatory compliance

• Oversight of all management process plans

Page 17: Legal and Regulatory Requirements

Security Steering Committee

• Identify and prioritise risks

• Assure security initiatives meet business objectives

• Review security strategy efforts

Page 18: Legal and Regulatory Requirements

CISO

• Develop security strategy and plan

• Perform security risk assessments

• Implement security polices and procedures

Page 19: Legal and Regulatory Requirements

Information Security Responsibilities

Page 20: Legal and Regulatory Requirements

Reporting

• IT is about Performance, IS is about Safety

• 35% of CISO reported to CIO ?!

• Greater IT performance with less cost and security

IT IS CIO CISOVSVS

Page 21: Legal and Regulatory Requirements

Thank you for your attention


Disruptive Technologies Legal and Regulatory Aspects … · Disruptive Technologies – Legal and Regulatory Aspects ... Legal and Regulatory Framework in Switzerland ... Protection

Disruptive Technologies Legal and Regulatory Aspects … · Disruptive Technologies – Legal and Regulatory Aspects ... Legal and Regulatory Framework in Switzerland ... Protection

Documents
Legal and Regulatory Frameworks for Decommissioning and ... · Legal and Regulatory Frameworks for Decommissioning and ... Legal and Regulatory Frameworks for Decommissioning and

Legal and Regulatory Frameworks for Decommissioning and ... · Legal and Regulatory Frameworks for Decommissioning and ... Legal and Regulatory Frameworks for Decommissioning and

Documents
Global Tax, Legal, and Regulatory Updates_Legal,_and_Regulatory_Updates… · Remain in compliance with constantly changing tax, legal, and regulatory requirements. Rely on and trust

Global Tax, Legal, and Regulatory Updates_Legal,_and_Regulatory_Updates… · Remain in compliance with constantly changing tax, legal, and regulatory requirements. Rely on and trust

Documents
Legal Requirements and Policy for Controlled Substances · Legal Requirements and Policy. for. Controlled Substances. Prepared for. FDA Regulatory Processes and Standards . for the

Legal Requirements and Policy for Controlled Substances · Legal Requirements and Policy. for. Controlled Substances. Prepared for. FDA Regulatory Processes and Standards . for the

Documents
Security and regulatory requirements for public … and regulatory requirements for public cloud ... Security and regulatory requirements for public cloud offerings ... Security and

Security and regulatory requirements for public … and regulatory requirements for public cloud ... Security and regulatory requirements for public cloud offerings ... Security and

Documents
1001 - Association of Corporate Counsel...Effective management of records • Enables Compliance with applicable legal and regulatory requirements – Fulfills legal duties to maintain

1001 - Association of Corporate Counsel...Effective management of records • Enables Compliance with applicable legal and regulatory requirements – Fulfills legal duties to maintain

Documents
Legal & Regulatory Bulletin

Legal & Regulatory Bulletin

Documents
An overview over the key legal and regulatory requirements

An overview over the key legal and regulatory requirements

Documents
Legal & Regulatory Requirements - Microsoft · Legal & Regulatory Requirements Dr Syed Naqvi syed.naqvi@bcu.ac.uk. Outn e • Introduction • Legal framework • National, European

Legal & Regulatory Requirements - Microsoft · Legal & Regulatory Requirements Dr Syed Naqvi [email protected]. Outn e • Introduction • Legal framework • National, European

Documents
Existing Legal Regulatory Framework

Existing Legal Regulatory Framework

Documents
Global Regulatory Requirements

Global Regulatory Requirements

Documents
Choosing Technology Solutions for Legal & Regulatory Requirements

Choosing Technology Solutions for Legal & Regulatory Requirements

Documents
Ergonomics Regulatory Requirements

Ergonomics Regulatory Requirements

Documents
Regulatory requirements - LNCT

Regulatory requirements - LNCT

Documents
Regulatory Requirements - Aerosols

Regulatory Requirements - Aerosols

Documents
Cash Management Framework and its Integration with Debt … · 2009. 1. 14. · Legal and regulatory requirements Legal and regulatory requirements E.g. authority to open bank a ccounts

Cash Management Framework and its Integration with Debt … · 2009. 1. 14. · Legal and regulatory requirements Legal and regulatory requirements E.g. authority to open bank a ccounts

Documents
Legal and Regulatory Basis for Compliance Programs...Legal and Regulatory Basis for Compliance Programs Legal and Regulatory Basis for Compliance Programs 1 1 Legal environment for

Legal and Regulatory Basis for Compliance Programs...Legal and Regulatory Basis for Compliance Programs Legal and Regulatory Basis for Compliance Programs 1 1 Legal environment for

Documents
Legal & Regulatory aspects.pptx

Legal & Regulatory aspects.pptx

Documents
Legal and Regulatory Concerns in the Sourcing of FDA-Regulated Products, Components & Services Part 1 – The Impact of FDA Legal & Regulatory Requirements

Legal and Regulatory Concerns in the Sourcing of FDA-Regulated Products, Components & Services Part 1 – The Impact of FDA Legal & Regulatory Requirements

Documents
Legal & Regulatory Powerpoint

Legal & Regulatory Powerpoint

Health & Medicine
US Regulatory Requirements

US Regulatory Requirements

Documents
Legal and Regulatory Aspects

Legal and Regulatory Aspects

Documents
EHS Legal and Regulatory Requirements Training-1

EHS Legal and Regulatory Requirements Training-1

Documents
Complying with legal, regulatory and ethical requirements ... · PDF fileLearning Outcome - The learner will: Assessment ... procedures for legal, regulatory and ethical requirements

Complying with legal, regulatory and ethical requirements ... · PDF fileLearning Outcome - The learner will: Assessment ... procedures for legal, regulatory and ethical requirements

Documents
Certificate IV in Frontline Management – Legal Requirements, Regulatory Requirements and General OHS Requirements

Certificate IV in Frontline Management – Legal Requirements, Regulatory Requirements and General OHS Requirements

Documents
i legal requirements. sn1i;lqiubiakvrd-sp.dld.go.th/webnew/images/stories/news/PDF2561/ISO-9001-2015.pdf1 (Page i M~IU~M?2 Statutory and regulatory requirements = legal requirements

i legal requirements. sn1i;lqiubiakvrd-sp.dld.go.th/webnew/images/stories/news/PDF2561/ISO-9001-2015.pdf1 (Page i M~IU~M?2 Statutory and regulatory requirements = legal requirements

Documents
Deliverable D1.2a Legal / regulatory requirements … › wp-content › uploads › ID1.2a-Legal...Legal / regulatory requirements analysis – Intermediary liability for third party

Deliverable D1.2a Legal / regulatory requirements … › wp-content › uploads › ID1.2a-Legal...Legal / regulatory requirements analysis – Intermediary liability for third party

Documents
37 REVISITING LEGAL AND REGULATORY ... › content › pdf › 10.1007 › 978-0-387...Revisiting Legal and Regulatory Requirements for Secure E-Voting 473 In most countries where

37 REVISITING LEGAL AND REGULATORY ... › content › pdf › 10.1007 › 978-0-387...Revisiting Legal and Regulatory Requirements for Secure E-Voting 473 In most countries where

Documents
Temporary on-site power solutions Legal and regulatory ... › files › 2019 › 11 › ... · Legal and regulatory requirements Data Centres Ireland 2019 John Dallas –A&L Goodbody

Temporary on-site power solutions Legal and regulatory ... › files › 2019 › 11 › ... · Legal and regulatory requirements Data Centres Ireland 2019 John Dallas –A&L Goodbody

Documents
Updated Legislative and Regulatory Reporting … and Legal Issues...1 Sample Hospital Checklist for Legislative and Regulatory Compliance Part A: Legislation with Reporting Requirements

Updated Legislative and Regulatory Reporting … and Legal Issues...1 Sample Hospital Checklist for Legislative and Regulatory Compliance Part A: Legislation with Reporting Requirements

Documents