After you get out of the general corporate security policy doldrums, you can begin to focus on the standards set forth by other governing bodies, such as DISA, NIST, or the PCI DSS/SSC. We have focused on just a few here that seem to be hot-button topics for clients and lawyers alike. The first question someone will ask if there is a problem or an issue is, “Were you conforming to industry standards and best practices?” Your answer had better be a resounding YES!
The following are industry-specific regulations:
• Financial Services: Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), USA Patriot Act, PCI Data Security Standard (PCI DSS), and the Basel II Accord (EU)
• Healthcare and Pharmaceuticals: