PCI DSS (Payment Card Industry Data Security Standard) was defined by the Payment Card Industry Security Standards Council to strengthen controls around cardholder data and to reduce payment card fraud. Compliance can be validated by an external Qualified Security Assessor (QSA) or, for companies handling a smaller volume of transactions, by completing a Self-Assessment Questionnaire (SAQ).

The Data Protection Act 1998 (UK) requires every data controller who processes personal information in automated form to notify the Information Commissioner, unless they are exempt. Register entries must be renewed annually. Failing to notify when required, or failing to renew a registration that is required, is a criminal offence.

Collectively, the ISO/IEC 27000 series consists of a core set of standards (ISO/IEC 27001 through 27010), each addressing a specific function, such as requirements, implementation guidance, measurement and risk management. Further standards in the series cover related domains, e.g. telecommunications, business continuity, and network and application security.

The United States Department of Defense (DoD) introduced the DoD Information Assurance Certification and Accreditation Process (DIACAP) as a risk management standard applied to DoD information systems. DIACAP defines a set of activities and a structured process for the certification and accreditation (C&A) of DoD information systems, and it is applied throughout the system’s life cycle.

Where is the COBIT Framework used?
COBIT can be viewed in two different ways. First, it provides a generic process framework that can be used to support compliance with other standards and frameworks such as SOX, ISO 27001, ITIL or PMBOK. Second, it defines a specific and detailed framework to plan, execute, control and measure all IT-enabled initiatives and services in an organization. Many organizations have been using COBIT...

What is HIPAA, and what are its Privacy and Security Rules?
HIPAA is the Health Insurance Portability and Accountability Act. The U.S. Department of Health & Human Services (HHS) published the HIPAA Privacy Rule and the HIPAA Security Rule to define regulatory standards for protecting the privacy and security of individually identifiable health information.

The Federal Information Security Management Act (FISMA) is Title III of the E-Government Act of 2002. It requires each U.S. federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

Statement on Auditing Standards No. 70: Service Organizations, commonly abbreviated as SAS 70, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), with its content codified as AU 324. SAS 70 provides guidance to service auditors when assessing the internal control of a service organization and issuing a service auditor’s report. SAS 70 also provides guidance to auditors ...

The Sarbanes-Oxley Act (SOX) is United States federal legislation enacted in 2002 in response to high-profile corporate accounting scandals, to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act contains 11 titles, or sections, ranging from additional corporate board responsibilities to criminal penalties, and requires the Securities and Exchange Commission (SEC) to implement rulings on requirement...