Security Newsletter December 2005

Agencies | Online Services | Policies

Technology Security Issues in Arkansas

State Security Office

Newsletter

December 2005		Highlights \| Resources \| Articles \| Standards & Best Practices \| Hot Links
Workshops / Events • 24th Annual Computer & High Tech Law Journal Symp - Jan 27, 2006, Santa Clara Univ School of Law, San Jose, CA • RSA Conf - Feb 14-18, San Francisco, CA • Effective Risk Mgmt: Security, Compliance and Disaster Recovery - Apr 5, 2006 , New York , NY • InfoSec World Conf & Expo 2006 - Apr 3-5, 2006, Orlando, FL • Twelfth National HIPAA Summit - Apr 9-11, 2006, Washington, DC • 11th Annual BAI Audit, Compliance and e-Security Conf - Apr 24-26, 2006, Las Vegas, NV • 2006 North America Computer Audit, Control & Security Conf - May 7-11, 2006, Orlando, FL		Cybersecurity~Legislation and Compliance

		Highlights There are many mandates related to cyber security that state organizations have to be concerned about. Federal mandates, such as the Health Insurance Portability and Accountability Act (HIPAA), require state organizations to use detailed physical and technical defense mechanisms to protect personal health information. The Payment Card Industry DataSecurity Standard is not a government mandate, but a requirement of the credit card industry that specifies the way in which organizations handle credit card information. The State Security Office promulgates standards agencies must adopt to protect information technology resources. Two important pieces of legislation were passed during the 2005 legislative session that are important to state agencies. The Arkansas Personal Information Protection Act requires state agencies to notify individuals when their personal information has been disclosed. Seventeen states have similar laws. The Arkansas Consumer Protection Against Computer Spyware Act gives state government the ability to prosecute individuals that create malicious software such as spyware. More than ever, it is important to secure information systems to protect information, maintain the ability to conduct business, and be in compliance with the law. Resources Cybersecurity Mandates Federal Information Security Management Act (FISMA) Health Insurance Portability and Accountability Act (HIPAA) Security Rule (PDF) Sarbanes-Oxley Act COBIT Guidelines Payment Card Industry Data Security Standard SANS InfoSec Reading Room Legal Issues	State Security Standards & Best Practices Data & System Security Classification Password Management Personnel Security Virus Scanning Warning Banner Instant Messaging Best Practice Draft Policies, Standards & Best Practices Under Development Encryption Standard Peer-to-Peer Standard Physical/Logical Security Standard Spyware Scanning Standard Hot Links Legislation Arkansas Personal Information Protection Act Arkansas Consumer Protection Against Computer Spyware Act
		In The News December 19, 2005 - Data Privacy Issues to Persist Next Year - People may remember 2005 as the year that corporate America woke up to the problem of data breaches and the importance of data privacy...but what will 2006 bring? <Read More> October 13, 2005 - Understanding Compliance: Beyond Data Protection - There's more to regulatory compliance than data retention -- other exposures could present significant problems. <Read More> July 21, 2005 - Compliance on a Budget – 10 Easy Steps - Information security and regulatory compliance aren't easy, and nothing good is free. However, if you approach the requirements for doing business in a high-tech economy with some common sense and keep things simple and practical, your small or midsized company—and especially its cash flow -- should be quite alright. <Read More>
		© 2005