HIPAA
Are you one of those in the healthcare industry who
store patient data electronically? The mandates
structured in the Health Insurance Portability and
Accountability Act (HIPAA) include a requirement
to (1) make daily backups, offsite and encrypted, to
protect the privacy of patients and (2) ensure that
this information is available anywhere the
patient is being treated. That's where DataSafe -
Online comes in!
The Health Insurance Portability and Accountability
Act of 1996 (HIPAA) mandates that providers, health
plans, clearinghouses, and their business associates
establish appropriate administrative, technical and
physical safeguards to protect the privacy and
security of sensitive health information. HIPAA
defines safeguards that must be used to protect
confidential information. For example, safeguards
must be in place to:
- Protect data integrity
- Address security incidents
- Review records of information system activity,
  such as:
  - Audit logs
  - Access reports
  - Security incidents
As a result, security information and event
management (SIEM) plays a vital role in HIPAA
compliance and is extremely visible and important
under several Administrative Security and Technical
Security Standards. Network Intelligence has mapped
reports to help covered entities comply with HIPAA.
The customized report package is available free of
charge to all active customers on our customer
support section.
HIPAA underscores Network Intelligence’s audit,
alerting and reporting capabilities. By collecting
and protecting all the data now, you will be ready
for your next audit.
SOX:
The Sarbanes-Oxley Act of 2002 is considered to be
one of the most significant changes to federal
securities laws in the United States. Sarbanes-Oxley
followed a wave of well-publicized corporate
financial scandals which included Enron, Arthur
Andersen, and WorldCom. Congress passed the
Sarbanes-Oxley Act in large part to protect
investors by improving the accuracy and reliability
of corporate disclosures made pursuant to the
securities laws. Among the most significant
provisions within Sarbanes-Oxley are the criminal
and civil penalties that place executive management
and the board of directors in the “hot seat”.
Specifically, under Section 404 of the
Sarbanes-Oxley Act, executives need to certify and
demonstrate that:
- Files containing accounting information have not
  been compromised, and
- All significant technical controls, including
  security authorizations and critical configuration
  files, have not been compromised.
What Should Your Organization Do?
Sarbanes-Oxley ushers in a new era of corporate
governance and accountability. As a result, the
vital role security information and event management
(SIEM) plays in establishing and maintaining
internal controls has never been greater. Companies
should institute log monitoring and vulnerability
assessments as a critical part of their IT internal
control systems.
Both domestic and publicly-traded companies must
comply with Sarbanes-Oxley. If you are a covered
entity, you must have methods to maintain audit
trails and to log possible altering of electronic
records. Network Intelligence has mapped best
practices and reports to help organizations comply
with audits under Sarbanes-Oxley Section 404. The
customized Sarbanes-Oxley 404 report package is
available free of charge to all active customers on
our customer support section.
Sarbanes-Oxley underscores Network Intelligence’s
audit, alerting and reporting capabilities. By
collecting and protecting all the data now, you will
be ready for your next audit.
FINANCIAL: GLBA
The Gramm-Leach-Bliley Act (GLBA) is a comprehensive
law requiring financial institutions to protect the
security, integrity, and confidentiality of consumer
information. Historically, financial institutions
have been more security conscious than other
industries, but GLBA requires a higher level of
security awareness and understanding.
GLBA affects an extremely wide range of
organizations including banking institutions,
insurance companies, securities firms, tax
preparers, and credit card companies. All federally
insured financial institutions must demonstrate
enterprise-wide compliance by July 2002. After July
2002, the regulatory agencies will examine for full
compliance on an ongoing basis.
Depending upon the financial institution’s
supervisory authority, GLBA compliance audits are
conducted by either the Office of the Comptroller of
the Currency (OCC), the Federal Reserve System
(Fed), the Federal Deposit Insurance Corporation
(FDIC), or the Office of Thrift Supervision (OTS).
Covered institutions must develop a risk-based
information security program that includes the
involvement of the board and senior management, a
risk assessment of threats and vulnerabilities,
effective risk management and controls, monitoring
and adjusting, and board reporting.
As a result, security information and event
management (SIEM) plays a vital role in GLBA.
Network Intelligence has mapped reports to help
covered entities comply with GLBA.
GLBA underscores Network Intelligence’s audit,
alerting and reporting capabilities. By collecting
and protecting all the data now, you will be ready
for your next audit.
E-mail:
info@backupnation.com