Information Security
HIPAA (Health Insurance Portability and Accountability Act) Information Sheet
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a comprehensive law affecting institutions and departments that deal with protected health information.
Requirements
HIPAA includes requirements to protect the security, integrity, and confidentiality of this health-related information. These requirements apply to departments at Purdue that have been officially designated by the HIPAA Privacy Compliance Office as covered by HIPAA. To be HIPAA compliant, departments must develop, implement, and enforce a comprehensive security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, departments are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
Gramm Leach Bliley Act (GLBA) Information Sheet
The Gramm Leach Bliley Act (GLBA) is a comprehensive law affecting institutions and departments that deal with financial information, which includes nonpublic personal information such as addresses and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers.
Requirements
The GLBA includes requirements to protect the security, integrity, and confidentiality of this consumer information. To be GLBA compliant, organizations must develop, implement, and enforce a comprehensive information security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, organizations are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
The Gramm-Leach-Bliley Act Risk Assessment - How to
The Gramm-Leach-Bliley Act of 1999 is also known as the Financial Services Modernization Act. It is intended to protect consumers and customers who obtain "financial products or services to be used primarily for personal or other household purposes". The risk assessment is an important element of the GLBA, and the Federal Trade Commission has identified four areas that must be addressed:
(1) Information Systems,
(2) Employee Management and Training,
(3) Managing System Failures and
(4) Service Providers.
IT Outsourcing vs IT Project Agreement - What are the differences?
Here are the differences:
IT Outsourcing is distinct from other services outsourcing
- IT evolves rapidly, making sourcing decisions highly volatile.
- The underlying economics of IT change rapidly.
- IT is tightly integrated with other organisational functions.
- Switching costs are often prohibitive.
- IT Outsourcing clients are still highly inexperienced.
Information Security Maturity Level Assessment Tools
Download Free Information Security Maturity Level Assessment

Security Program
- Identification of Information Security Officer
- Security Plan
- Education & Security Awareness Training