Security Solutions

2-16
Customer Needs Assessment
Determine Risk Tolerance
According to the report, a company’s stock price could decrease between “7.9
and 13.6 percent,” depending on the size of the company. In general, the larger
the company, the more the stock price would decrease. (See Why Compliance
Pays, p. 11.)
Once you know how important your company’s network assets are, you can
determine its risk tolerance. If your company stores customers’ credit card
numbers, for example, it has a low risk tolerance: if an attacker stole those
numbers, the company would not recover easily. It might be liable to the
affected customers, who could seek reparation for damages, and its reputation
might be damaged irreparably, costing it both existing and new customers.
Regulations
In your evaluation, factor in your company’s legal obligation to provide a
certain level of network security. Countries worldwide have enacted privacy
laws, or strengthened existing ones, that raise the security standards
company networks must meet.
The following are some examples of U.S. regulations:
Sarbanes-Oxley (SOX) Act of 2002—SOX was enacted to improve the
accuracy and reliability of corporate disclosures, which in turn protects
investors. SOX established the Public Company Accounting Oversight Board
(PCAOB), which oversees the audits of public companies, and it sets
requirements for auditor independence, corporate responsibility, and
enhanced financial disclosure. It also provides for a review of outdated
statutory audit requirements.
Health Insurance Portability and Accountability Act (HIPAA)—HIPAA
addresses problems in health care, such as waste, fraud, and abuse in health
insurance and health care delivery. HIPAA also restricts how organizations
that handle health information electronically (covered entities and their
business associates) may use or disclose it: its Privacy and Security Rules
require that protected health information be safeguarded and prohibit
disclosing it without the patient’s authorization, except where the law
permits. (Before HIPAA, some companies transferred or sold such information
for commercial gain.)
Gramm-Leach-Bliley Act (GLBA)—GLBA requires financial institutions to
safeguard customers’ personal financial information, to tell consumers how
they share that information, and to let consumers opt out of some sharing of
it with third parties. And while it repealed the restrictions that had
prevented banks, stock brokerages, and insurance companies from merging, it
also mitigates the risks those mergers pose to consumers: