Legislation
Federal Information Security Management Act
(1) provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;
(2) recognize the highly networked nature of the current Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;
(3) provide for development and maintenance of minimum controls required to protect Federal information and information systems;
(4) provide a mechanism for improved oversight of Federal agency information security programs;
(5) acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector; and
(6) recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.
Sarbines-Oxley Act: The Sarbines-Oxley Act of 2002 defines and formalizes and provides a legal framework for acceptable conduct regarding the retention of records, electronic and paper for public companies, executives and the general population. It establishes standards for accounting and IT infrastructures for corporate accountability as well as penalties for corporate wrongdoing. The legislation contains a total of 11 titles, ranging from additional to new responsibilities for audit committees to tougher criminal penalties for white-collar crimes such as securities fraud.
The Gramm-Leach-Bliley Act - The GLBA primarily sought to "modernize" financial services--that is, end regulations that prevented the merger of banks, stock brokerage companies, and insurance companies. The removal of these regulations, however, raised significant risks that these new financial institutions would have access to an incredible amount of personal information, with no restrictions upon its use. Prior to GLBA, the insurance company that maintained your health records was distinct from the bank that mortgaged your house and the stockbroker that traded your stocks. Once these companies merge, however, they would have the ability to consolidate, analyze and sell the personal details of their customers' lives. Because of these risks, the GLBA included three simple requirements to protect the personal data of individuals: First, banks, brokerage companies, and insurance companies must securely store personal financial information. Second, they must advise you of their policies on sharing of personal financial information. Third, they must give consumers the option to opt-out of some sharing of personal financial information.
