6.2 short answer (docx)
School: Indiana Wesleyan University, Marion
Course: 320, Information Systems
Date: Dec 6, 2023
6.2 Research Short Answer: Align Compliance Requirements to FISMA, SOX, HIPAA, GLBA, PCI DSS,
and AICPA
Business Model | Compliance
Publicly traded retailer with retail outlets and online shopping/shipping | SOX and PCI DSS
A city government that allows those with parking tickets to pay the fines online using a credit card or online check | PCI DSS only
A local residential cleaning business with a website that acts as a company brochure; no forms of any type are located on the website | Nothing
A regional health care organization with 16 clinics that shares patient information electronically over the Internet using VPN technologies | HIPAA
A private, locally owned bank with a company website that accepts loan applications online | GLBA
A local doctor's office that keeps all patient information at the office and does not share it electronically with anyone; the office does not have a website or use any custom-developed software | Nothing
A software development company that develops and licenses online shopping software to large corporations | PCI DSS only
An online-only retailer that sells athletic equipment; the shopping cart software has been developed in-house, but when a customer makes a purchase, PayPal is used | PCI DSS only
Table 2: Regulatory Compliance Matrix

Regulatory or Industry Compliance | Organization | Reason/Explanation
FISMA | Department of Defense | Federal entity
PCI DSS only | City of Los Angeles | Accepts payment for parking tickets online
HIPAA | Kaiser Permanente | Healthcare organization
GLBA | Wells Fargo Bank | Financial institution
SOX | Merrill Lynch | A public company that has debt securities
GLBA and PCI DSS | Citibank | Financial institution that handles the transmission of credit card information electronically
a. In HIPAA, what information is protected, and who is covered by the Security Rule?

Ans: "The Security Rule protects a subset of information covered by the Privacy Rule, all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. The Security Rule calls this information 'electronic protected health information' (e-PHI). The Security Rule does not apply to PHI transmitted orally or in writing" (Rights, 2022). The Security Rule applies to health plans, healthcare clearinghouses, and any healthcare provider who transmits health information electronically in connection with a transaction for which the Secretary of HHS has adopted standards under HIPAA (the "covered entities"), and to their business associates.
b. What are the five principles of the AICPA Trust Services Principles and Criteria?

Ans: The AICPA Trust Services Principles and Criteria (TSP) are control criteria established by the AICPA's Assurance Services Executive Committee (ASEC). Since the 2017 revision they are published as the Trust Services Criteria (TSC), and the five principles are referred to as categories; Security (the common criteria) is required in every SOC 2 report, while the other four are included at the service organization's discretion. The five principles are:
Security
Availability
Processing Integrity
Confidentiality
Privacy
c.
Review and discuss PCI DSS, HIPAA, SOX, FISMA, and GLBA, as well as how an organization is
classified for compliance. Review the purpose of the AICPA "Trust Services" as it relates to
personal privacy.
Ans:
Healthcare information is among the most private and sensitive information in regular use. Because both digital and physical records are expected, HIPAA compliance differs slightly from other compliance regimes: the Privacy Rule protects PHI in any form, and the Security Rule prescribes Administrative, Physical, and Technical Safeguards for e-PHI that must all be followed.
"The goal of all SOX-based compliance measures should be to safeguard all financial data. By protecting this data, you assure its integrity" (Regulatory Compliance, n.d.). Thus, many companies encrypt sensitive financial data to protect it from unauthorized access, and restrict and log access to the systems that hold it so that changes to financial records can be attributed and audited.

GLBA compliance starts with how financial institutions interact with their customers. They must first protect customer data from being accessed by unauthorized parties (the Safeguards Rule). These institutions must also communicate to customers how their financial data will be used and with whom it will be shared (the Privacy Rule). Customers must also be allowed to opt out if they are unwilling to have their information shared with non-affiliated third parties.

The primary difference between these compliance regulations is that each focuses on protecting a different type of data. HIPAA protects a patient's healthcare information, SOX protects the financial information of public companies, and GLBA protects the data of financial institution customers.

SOC 2 (Service Organization Control 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). The primary purpose of SOC 2 is to provide assurance that third-party service providers store and process client data securely. The framework specifies criteria for upholding high data security standards based on the five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
References

HIPAA Security Rule – MEDX | More than just secure texting for healthcare. (n.d.). https://www.medxssl.com/hipaa-security-rule/

Regulatory Compliance: The Differences Between HIPAA, SOX, and GLBA. (n.d.). Sharetru. https://www.sharetru.com/blog/regulatory-compliance-with-hipaa-sox-and-glba