Impact Of Data Breaches On Users Necessitated Emergence Of State And Federal Laws

The heightened impact of data breaches on users necessitated the emergence of state and federal laws mandating that organizations adhere to certain information security protocols. FERPA, HIPAA, GLBA, and PCI DSS are a few of the laws that require organizations to draft and implement information security practices to protect the information at their disposal. Organizations started creating compliance teams and compliance programs to ensure their adherence to and compliance with various laws and regulations.
But the latest data breaches at organizations such as Sony, Target, and T-Mobile have confirmed that complying with these regulations alone is not adequate to prevent security breaches. For example, Target couldn’t prevent its data breach even though it was compliant with PCI DSS and other regulatory standards. Hence, apart from complying with regulatory standards, it is essential for an organization’s information security program to be more holistic and robust so that it can anticipate and mitigate new emerging threats trying to exploit vulnerabilities in its information systems.
The National Institute of Standards and Technology (NIST) 800 series and ISO/IEC 27002 standards, which were created for establishing, executing, and refining organizational information security management programs, recommend that the following areas be covered and examined in an organization’s security program (Adler, 2006):
• Asset Management – All physical assets in an organization that needs to be