Security is the keyword that makes or breaks an organization and an essential requirement of cloudification of your business. Even though it is debatable whether compliance and security are one and the same, it is easy to see that security concerns begat the other.
Instead of adding a reading list, I am summarizing some of the security related acronyms that I came across while looking at the security standards and the standards adopted by some of the countries.
Here are some links to Asian Standards.
China:
http://csis.org/publication/national-security-and-chinas-information-security-standards
India:
This is quoted from the following:
"The International Standard IS/ISO/IEC 27001 on “Information Technology –
Security Techniques – Information Security Management System – Requirements”
has been adopted by the country"
In effect it adopts IEC 27001 for its requirements.
http://www.naavi.org/cl_editorial_11/draft_guidelines_43A-79-cyber_cafe/senstivepersonainfo07_02_11.pdf
Japan:
Also follows ISO 27001 and it is required by companies just like in India.
http://www.safis-solutions.com/resources/IndustryNews/iso27001.shtml
Regarding the acronyms:
PII is ―"any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."
The above is taken from NIST's document at this link:
http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
Although this is a very broad definition, because of our education, work, or other activity the PII for most people should readily be available. It also turns out that even if you are non-PI source now, once you carry our activities like applying for driver's license; getting an new email address etc may turn you into a PII source.
More here on this:
http://www.gsa.gov/portal/content/104256
PCI
Payment Credit Card Industry Data Security Standard (PCI DSS) applicable to credit card transactions. PCI DSS puts down the requirments to secure entities that deal with processing, storing or transmitting credit card information. There are no visible penalites for not being PCI compliant.
PA DSS is Processing Application Data Security Standard where the application includes entities that store, transmit Credit Card Information electroncally such as Point-of-sales devices at retail stores; shopping carts on on-line; restaurants; your tax preparer etc.
Members of Payment Card Industry Security Standard Council (PCI SSC) are American Express, Discover, JCB, MasterCard or Visa
More here:
https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
PIPEDA - Canada
Personal Information Protection and Electronic Documents Act (PIPEDA) is an act of Canadian government related to electronic commerce.
"An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act
"
This is a quote from the following site:
Details here:
http://laws-lois.justice.gc.ca/eng/acts/P-8.6/
Directive 95/46/EC - Europe
A directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Download the directive in pdf here:
http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf
This here,
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
Comprehensively covers the global features of 'Personal Privacy'. It is good read.
No comments:
Post a Comment