com. There you may find an assortment of value-added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s).

Chapter 2: Types of Certification and Accreditation

At the time of this writing, a group of industry experts is working on transforming much of NIST's guidance on information security management, including certification and accreditation, into documentation that fits private industry better. NIST publishes excellent guidance on information security management, though it is directed at federal agencies. Although the C&A methodologies they describe can be adopted by anyone, private industry will familiarize itself with this guidance more readily once the term "federal agency" has been replaced by "enterprise." Any organization that processes sensitive information should have a methodology for evaluating and accrediting the security of its systems. To protect individuals from having their medical information exposed, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Sarbanes-Oxley became law in January of 2002 to regulate the accounting practices and standards of publicly traded companies. Although accounting may seem like just a financial matter, keep in mind that the integrity of information can be ensured only by strict security controls. Therefore, Sarbanes-Oxley has become an information technology problem. Sarbanes-Oxley and HIPAA were passed to hold certain covered entities accountable for the security of their systems, but what these regulations lack are standardized methodologies. A law is one thing, and a standardized process or methodology for complying with the law is quite another. FISMA, HIPAA, and Sarbanes-Oxley are merely laws.
What has evolved out of FISMA, and has not yet evolved out of HIPAA and Sarbanes-Oxley, is that standardized certification and accreditation processes now exist that enable FISMA compliance. HIPAA and Sarbanes-Oxley both need standardized certification and accreditation processes. The way that HIPAA and Sarbanes-Oxley are complied with today depends on who you ask. All