The parade of regulations related to cyber security means businesses must demonstrate more compliance, discipline and agility. Identity and Access Management technology has been instrumental in helping businesses gain the upper hand on regulatory requirements.
Ever since the internet arrived, the government has been on the front foot in monitoring activity over it. The Sony hacks were a failure of corporate digital security in the light of unprecedented threats to public and private networks and an organized cybercrime machinery. Businesses are often disciplined by regulatory arms that wield hefty fines for consumer rights violations and breaches of business ethics, and any violation can send brand image into a downward spiral. President Obama sought a budget allocation of 14 billion USD for cybersecurity.
The proposed legislation aims to create a friendlier environment for companies and government to share information about potential cyber-threats and security vulnerabilities. This spending will support federal efforts to bring in legislation that eases data sharing between the government and the private sector in order to quickly detect and respond to online attacks. Debate continues on whether the new proposals are meant to commercialise cybersecurity, counter cyberattacks, or tackle corporate obsession with data collection, pure surveillance, anti-terrorism…
For businesses it will mean another layer on top of the parade of existing regulations (applicable to their respective industries) such as Gramm-Leach-Bliley, Family Educational Rights and Privacy Act (FERPA), National Institute of Standards and Technology (NIST) 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations), USA Patriot Act, PCI Data Security Standards, Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), Sarbanes-Oxley, Basel III International Business Standards, Federal Information Security Management Act (FISMA), Federal Information Processing Standard (FIPS) 200, and more…
With this budget, the government is set to bring in the machinery to run the Personal Data Notification and Protection Act, which appears pro-consumer in requiring companies to notify customers of data breaches within 30 days. Under the proposal, industries such as credit card and payments processing must be held accountable for any breach, making businesses accountable for data security. The act is also expected to put checks on spyware and to penalise the sale of stolen identity data.
Accusations against the policy framework for mitigating cyber-attacks on one hand, and delays in establishing strong security checks on the other, have caught attention. The government is moving towards a middle ground: a policy environment that is both pro-cyber security and pro-individual privacy. And businesses have to comply.