News Feature | April 13, 2015

6 Security Laws And Standards IT Solutions Providers Should Know

By Ally Kutz, contributing writer


In order to help your IT clients understand security, you must understand the laws and standards that apply to their sectors. Here are six security laws and standards you should know, drawn from an infographic by SysCloud.

  • FERPA. The Family Educational Rights and Privacy Act (FERPA) was created in 1974 to protect students’ educational records from public exposure, giving parents and students special access to those records as well as the ability to correct any inaccurate ones.
  • PCI DSS. The Payment Card Industry Data Security Standard (PCI DSS) was created in 2004 and is composed of 12 requirements and 304 controls, all designed to protect cardholders’ data; 74 percent of attacks target payment card info in the areas of retail, lodging, and food service, and 90 percent of companies fail a PCI DSS baseline assessment.
  • FISMA. The Federal Information Security Management Act (FISMA) was created in 2011 and requires all government agencies and third parties to develop, implement, and maintain security plans to protect info and assets. Today, 29 percent of agencies are more than 90 percent compliant with FISMA — and 65 percent of government employees don’t know what FISMA is.
  • SOC. The Service Organization Controls (SOC) are a series of standards created in 2002 to assess the design and operating effectiveness of controls at service organizations. Divided into three reports, the SOC standards focus on controls relevant to user control over financial reporting, as well as controls relevant to availability, security, processing integrity, privacy, and confidentiality.
  • HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) was created in 1996 to protect all patient information in the health care industry. The act requires security and privacy standards from all health insurance providers as well as employers. According to SysCloud, an average security breach at a healthcare organization can cost upwards of $810,000.
  • CIPA. The Children’s Internet Protection Act (CIPA), created in 2000, requires any institution that receives federal funding to protect children from harmful Internet content. According to the infographic, 98 percent of American schools monitor and filter the online content available to their students, and any non-compliant school loses its federal funding.