Global information security spending will jump 7.9% to total $71.1 billion in 2014, according to new numbers from research firm Gartner Inc. Total information security spending is projected to grow an additional 8.2% in 2015 to reach $76.9 billion, Gartner says...
Organizations today face a myriad of requirements from federal and state regulatory bodies. PCI, HIPAA and FBI Criminal Justice Information Services (CJIS) are just a few of the requirements that apply to companies across all industries and geographies. These standards specifically state requirements for the protection of data, including encryption of data while “in flight” to and “at rest” on the target storage location.
The CJIS Security Policy contains information security requirements, guidelines, and agreements reflecting the will of law enforcement and criminal justice agencies for protecting the sources, transmissions, storage and generation of Criminal Justice Information (CJI). The Federal Information Security Management Act of 2002 provides further legal basis for the Advisory Policy Board-approved management, operational, and technical security requirements mandated to protect CJI and, by extension, the hardware, software, and infrastructure required to enable the services provided by the criminal justice community.
The essential premise of the CJIS Security Policy is to provide the appropriate controls to protect the full lifecycle of Criminal Justice Information (CJI), whether at rest or in transit. The CJIS Security Policy provides guidance for creation, viewing, modification, transmission, dissemination, storage, and destruction of CJI. This Policy applies to every individual (contractor, private entity, noncriminal justice agency representative, or member of a criminal justice entity) with access to, or who operates in support of, criminal justice services and information.
Payment Card Industry (PCI) security standards are technical and operational requirements set by the Payment Card Industry Security Standards Council to protect cardholder data. The standards globally govern all merchants and organizations that store, process or transmit this data – with new requirements for software developers and manufacturers of applications and devices used in those transactions.
HIPAA, the Health Insurance Portability and Accountability Act, was originally designed to make health insurance coverage simpler and more transparent for policyholders. Making health data both more portable and more accessible introduced major privacy concerns that affect not only health services providers and insurers but also insurance agencies and HR departments – any organization with access to confidential health records is required to abide by the information privacy aspects of HIPAA. The HIPAA Security Rule specifies the administrative, physical, and technical safeguards that must be used to assure the confidentiality, integrity, and availability of electronic Protected Health Information (PHI).