Regulatory Compliance

The advent of electronic communications transforms institutions into holders of highly available, highly flexible, highly accurate and highly personal information.
Privacy concerns have yielded legislation creating new security standards for consumer information. In business, healthcare and financial services, the government is working to mandate new security practices for the transport of personal information over both private and public networks to guard its availability, confidentiality and integrity.

Adhering to regulatory guidelines and rules is a huge challenge using manual methods. Manual methods make the cost of compliance high, and individual items can easily be missed. Authoring and implementing new policies and procedures for each new regulation that comes down the pike is costly and inefficient. Small, midsize and large organizations alike should take a top-down, policy-based approach to compliance. The fundamental principle is to look at the big picture. Organizations should consider information assets on an "end-to-end" basis - from the time the data is created, through transmission, processing and storage - and then ensure that proper controls are in place to protect the data at each stage.

The Sarbanes-Oxley Act of 2002
(often referred to as SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices. The act is administered and enforced by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. SOX is intended for publicly traded companies and focuses on the accuracy of financial reporting. Section 404 looks at information systems and the controls around them; failure to have an IT security policy and policy management are considered non-compliance exceptions. There really aren't any must-have policies for SOX compliance -- auditors are looking for a strong overall information security program and policies, plus in-place monitoring of users and systems for compliance. 


The Gramm-Leach-Bliley Act (Financial Modernization Act of 1999)
(often referred to as GLBA) is a federal mandate in response to the implications of online banking, e-commerce, electronic records and the need to keep customer records secure. GLBA requires financial institutions to control and protect personal financial information in its care. Failure to comply with GLBA is not a trivial issue. Non-compliance can shut an organization down. In most cases, regulators require a shutdown for gross non-compliance until compliance and remediation are demonstrated to the regulators' satisfaction. In addition, regulators have the authority to levy fines and/or suspend an institution for failure to comply.


Health Insurance Portability and Accountability Act of 1996
(often referred to as HIPAA) requires the safeguarding of personal medical information. Organizations that are privy to personal medical information must develop, implement, validate and enforce policies that govern how medical information is stored and transmitted. These policies can affect the entire IT infrastructure of an organization, from data transmissions to the data stored on computing devices. HIPAA requires that data is both classified and protected. Policies are also required to describe encryption standards for the storage and transmission of sensitive data.



Learn more about products that can monitor and enforce organizational compliance and privacy policies.


   Discovering exposed confidential information


Using high-speed scanning technology to identify private information in stored data files is the first step towards proactive information governance. Once private information is discovered, protective actions can be taken to secure it and minimize the threat of a data loss incident. Lost laptops and stolen desktops and servers are only part of the overall equation that can cost an organization millions in direct and indirect expenses. Computers are often discarded with their hard drives intact, and removable media is commonly disposed of insecurely or misplaced altogether - both of which may contain personal information.

   Encrypting confidential information


Data encryption technology utilizes encryption algorithms to secure data against unauthorized disclosure. Data encryption allows for the encryption of an entire hard drive or of individual files, on laptops, workstations and servers, to deliver a high level of security for confidential data at rest.

   Monitoring data-in-motion


Continuously monitoring network traffic for the presence of unencrypted personal and confidential information is key to protecting customer data. Detection of privacy policy violations takes place at wire-speed with real-time alerting and preventative blocking measures being triggered instantly at the time of detection. Details of the violation are reported and typically include source IP, the destination IP, the exact personal information identified and how it was being transferred.
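As an added illustration of the discovery and data-in-motion checks described in the two sections above (example code, not FiLink's product or the page's own): a small Python scanner that matches card-number and SSN patterns, validates card hits with the Luhn checksum so plain order numbers are not reported as leaks, and records only a masked value together with the file name or source/destination pair. The sample file text, the flow record and the list of protocols treated as encrypted are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed samples (not from the page): a stored export file and a captured
# cleartext flow record, each holding card-like and SSN-like strings.
FILE_SAMPLE = ("customer export: Jane Doe, card 4111 1111 1111 1111, "
               "order 1234567890123456, ssn 123-45-6789")
FLOW_SAMPLE = {"src": "10.0.0.5", "dst": "203.0.113.9", "proto": "smtp",
               "payload": "card 4111-1111-1111-1111 and 1234567812345670"}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN in dashed form

@dataclass
class Finding:
    kind: str       # "card" or "ssn"
    masked: str     # only the last four digits survive into the report
    location: str   # file name, or src -> dst for a flow

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters order numbers and other digit runs out of card hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]

def scan_text(text: str, location: str) -> list:
    """Return masked findings for every Luhn-valid card number and SSN in text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            findings.append(Finding("card", mask(digits), location))
    for m in SSN_RE.finditer(text):
        findings.append(Finding("ssn", mask(m.group().replace("-", "")), location))
    return findings

def scan_flow(flow: dict) -> list:
    """Data-in-motion check on one captured flow record (constructed format)."""
    if flow["proto"] in ("smtps", "https"):   # assumption: ciphertext, nothing to inspect
        return []
    return scan_text(flow["payload"], f"{flow['src']} -> {flow['dst']} ({flow['proto']})")
```

Running `scan_text(FILE_SAMPLE, "export.csv")` reports the card and the SSN but not the Luhn-invalid order number, and `scan_flow(FLOW_SAMPLE)` reports two card numbers with the source and destination addresses attached.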

   Protecting confidential e-mail


Public key encryption is the method that most e-mail encryption applications use to secure the contents of an e-mail. Anyone who intercepts and attempts to read an encrypted e-mail will only see meaningless gibberish. Securing e-mail in transit as it leaves your corporate network is essential to protecting confidential data sent via e-mail.


Data-in-Motion
Prevent confidential information "leaks".

Data-at-Rest
Find and protect confidential information stored on laptops, workstations and servers.

E-mail Encryption
Send confidential information securely via e-mail.

Disk Encryption
Encryption for individual files or whole disk.

e-Discovery
Discover confidential information stored throughout your network.




Copyright (c) 2007 by FiLink - All rights reserved.


FiLink is insured by Lloyd's of London