INTRODUCTION
Information security plays an important role in protecting the assets of an organization. As no single formula can guarantee 100% security, there is a need for a set of benchmarks or standards to help ensure that an adequate level of security is attained, resources are used efficiently, and the best security practices are adopted.
What is COBIT?
Control Objectives for Information and Related Technology.
It is a road map to good IT governance.
Accepted globally as a set of tools that ensures IT is working effectively.
Provides a common language to communicate goals, objectives and expected results to all stakeholders.
Based on, and integrates, industry standards and good practices in: strategic alignment of IT with business goals; value delivery of services and new projects; risk management; resource management; performance measurement.
Privacy Rule
Establishes mandatory guidelines regarding the use and disclosure of PHI (Protected Health Information).
Security Rule
Establishes requirements to protect the confidentiality, integrity and availability of PHI created, maintained or transmitted in electronic format.
Security Of Information
Protected Health Information (PHI): individually identifiable health information (IIHI) that is held or disclosed by a covered entity and that can be communicated electronically, verbally, or in writing.
Electronic Protected Health Information (EPHI): protected health information (PHI) that is transmitted by electronic media or maintained by electronic media.
Sensitive Data: protected health information that can be used to determine the identity of an individual and/or their diagnosis.
Security Rule
Administrative safeguards: Administrative actions, policies and procedures to manage the selection, development, implementation and maintenance of security measures to protect electronic PHI.
Physical safeguards: Physical measures, policies and procedures to protect electronic information systems and related buildings and equipment from natural and environmental hazards, including unauthorized intrusion.
Technical safeguards: The technology, and the policy and procedures for its use, that protect electronic PHI and control access to it.
HIPAA Compliance
PCI DSS
Payment Card Industry Data Security Standard.
It is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid and ATM cards. The standard consists of 12 core requirements, which include security management, policies, procedures, network architecture, software design and other critical measures.
Bank of India achieved PCI-DSS standard compliance for its debit card environment, and claims to be the first Indian bank to do so.
TimesOfMoney, a leading online remittance and payment service provider, got PCI DSS certification.
THANK YOU!!