Skip to content

Category: Compliance

Published on Leave a comment on Term of the Week: General Data Protection Regulation (GDPR)

What is it?

A European Union regulation designed to give people more control over their personal data and to define how organizations must process such data.

Why is it important?

The GDPR expands the scope of data protection globally. This is important because it applies to many more organizations than previous regulations. In particular, the GDPR applies to any entity that has an establishment (any place of business) in the European Union and collects or processes personal data about any person in the world. And it applies to any entity that collects or processes personal data from a person in the European Union, regardless of where that entity is based.

...continue reading "Term of the Week: General Data Protection Regulation (GDPR)"

Published on Leave a comment on Term of the Week: Payment Card Industry Data Security Standard (PCI DSS)

What is it?

A prescriptive information security standard designed to protect the confidentiality of credit and debit card data.

Why is it important?

All organizations that store, process, or transmit payment card data typically have a contractual requirement to comply with PCI DSS. Some countries and US states also mandate PCI DSS compliance by law(PCI-DSS standard).

...continue reading "Term of the Week: Payment Card Industry Data Security Standard (PCI DSS)"

Published on Leave a comment on Term of the Week: Controls

What is it?

A set of guidelines designed to protect an organization’s information security, safeguarding the standards of confidentiality, integrity, and availability (CIA).

Why is it important?

Controls are important because without them, an organization has no guidelines for protecting information and assets.

...continue reading "Term of the Week: Controls"

Published on Leave a comment on Term of the Week: Privacy

What is it?

The concept that individuals own all of their personal information and have sole authority over who should have access to their information and how, when, and where it can be distributed.

Why is it important?

All organizations that deal with private health information in the US must abide by the Health Insurance Portability and Accountability Act (HIPAA)(HIPAA). In addition, the European Union’s General Data Protection Regulation (GDPR) legislation affects all organizations that deal with people in the European Union, regardless of where the organization is based. To abide by the law and to respond to customer needs, business professionals must take privacy seriously.

...continue reading "Term of the Week: Privacy"

Published on Leave a comment on Term of the Week: Regulation

What is it?

A set of rules, usually backed by a legal mandate, that control an activity or environment and provide a means for compliance to be inspected and enforced.

Why is it important?

The internet is an ever-changing environment where the rules are constantly being amended and updated as new technologies emerge. Regulations attempt to control the technological environment and the human behavior associated with it.

...continue reading "Term of the Week: Regulation"

Published on Leave a comment on Term of the Week: Standards

What is it?

A common set of rules designed to ensure interoperability between different products, systems, and organizations.

Why is it important?

Standards provide stable, long-term guidelines that products can be validated against to ensure they will operate correctly and securely with other products that adhere to the same standard. Standards reflect the best practices of experienced cybersecurity professionals.

...continue reading "Term of the Week: Standards"

Published on Leave a comment on Term of the Week: Policy

What is it?

A set of mandatory requirements that apply to specific areas of an organization’s operations, including cybersecurity.

Why is it important?

Policies are important because they define the strategic intent for rules, regulations, protocols, and procedures that the organization or industry implement.

...continue reading "Term of the Week: Policy"

Published on Leave a comment on Term of the Week: Separation of Duties

What is it?

A strategy that helps reduce fraud and error by assigning two or more parts of a transaction to separate individuals. For example, the same person should not be able to enter an invoice then approve payment.

Why is it important?

Separation of duties (SoD) (also known as segregation of duties) prevents the same person from performing two or more parts of a transaction that would be susceptible to error or fraud if performed by one person. Fraud perpetrated through the lack of internal controls can lead to the loss of money, reputation, and market share as well as risking fines from regulators and, perhaps ultimately, shutdown of the organization.

...continue reading "Term of the Week: Separation of Duties"