Privacy Governance Information Security Requirements Privacy Breach

Most privacy breaches are avoidable by taking simple measures.

Computer systems security requirements and protecting user privacy

Implementation steps and risk assessment

Information security programs and privacy program monitoring

Internal Audit and Risk - Technology Risk Services News

Formation of EisnerAmper Consulting Services Group Announced Jim Mack Appointed Partner-in-Charge.

Internal Audit and Risk - Technology Risk Services Articles

A A A

Privacy Governance & Information Security Requirements

Download PDF

Contact: John Fodera

January 20, 2011

Presented by:
John Fodera and Zeena Patel, EisnerAmper LLP

TABLE OF CONTENTS

Computer System Security Requirements
Implementation Steps
Information Security Programs

Computer Systems Security Requirements

Secure user authentication protocols
    Unique user IDs
    Complex and secure passwords –selection, storage or use of unique identifier technologies (biometrics, token devices)
    Access for active users
    Account lockout
    restricting access to records and files
Encryption requirement in transmission: public networks and wirelessly
Encryption requirement in stored information: all personal information stored on laptops or other portable devices
Firewall protection: systems connected to the Internet with PII files -firewall protection and reasonably up-to-date security patches
Malware and virus protection: reasonably up-to-date malware protection and patches and virus definitions, set to receive updates on a regular basis
Reasonable monitoring of systems: unauthorized use of or access to PII

Education and training: each covered entity

Implementation Steps

Implementation Steps –Risk Assessment

Privacy program will vary depending on size, complexity, type of business, and risk posture.
Privacy Impact and Risk Assessment
1. Personal information collected by your organization: types and source
2. Purpose for collection
3. Intended use
4. How secured and shared with third parties

Implementation Steps –Gap Analysis

Gap_ Analysis

Information Security Program

A well-established Information Security Program typically includes administrative, technical, and physical safeguards.
Establishing an Information Security Program:
    – Designate Program Owner
    – Consider gap analysis
    – Develop security policies
Granting access to PII on an as-needed basis
Physical access restrictions
Program monitoring
Ensuring outside vendors are in line with company privacy policies
Periodic reassessment of program
Procedures to address program violations
Security breach response procedures

Information Security Program includes:

Granting access to PII on an as-needed basis
Physical access restrictions
Program monitoring
Ensuring outside vendors are in line with company privacy policies
Periodic reassessment of program
Procedures to address program violations
Security breach response procedures

Final Thought
Most privacy breaches are avoidable through fairly simple measures.

Resources
Site Map
Privacy Policy
Terms & Conditions

An Independent Member of PKF International Limited.

Follow us on:
Facebook
LinkedIn
Twitter
YouTube