Graduate

Pages: 13 (3090 words) Published: January 22, 2013
Database Security



Translation of technical terms (English to Spanish)

•Data breach: Fuga o pérdida de datos.
•Organization asset: Activos de la organización.
•Forensic analysis: Análisis forense.
•Security regulations: Normas de seguridad.
•Regulatory compliance: Cumplimiento de normas.
•Data encryption: Cifrado de datos.
•Threat: Amenaza.

Chapter 1: Security Regulations

The cost of a data breach

•Data constitutes an organization’s most important and prized asset.
•Information can describe an institution’s relationship with its customers, competitive or proprietary processes, trading relationships with partners, and tactical and strategic positioning against its competitors.
•When data is lost or stolen, real and significant damage can occur.
•Potential costs associated with Developing and Understanding.
•Additional security infrastructure, such as encryption and auditing solutions.

Actions after a data breach

•Forensic analysis and internal investigation of the theft.
•Notification campaign, emails, phone calls, letters, and so on.
•Call center costs due to increased volume of customer traffic.
•Legal costs for defense and investigation.
•Internal investigations resulting in mitigation.
•Classify to salvage customer and investor relations.
•Fees and penalties.

Indirect Costs after a data breach

•Loss of employee productivity.
•Erosion of customer base due to loss of confidence.
•Reticence for new customers to establish relationships.
•Reduced shareholder confidence and value.
•Decreased competitive standing.
•ROI Calculation.

Regulatory compliance

•Health Insurance Portability and Accountability Act of 1996 (HIPAA).
•Gramm-Leach-Bliley Act of 1999 (GLBA).
•Sarbanes-Oxley Act (SOX).
•California Senate Bill 1386 (SB 1386).
•Payment Card Industry Data Security Standard (PCI).
•IBM Data Server Security (ISS).
•Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), Mexico's Federal Law on the Protection of Personal Data Held by Private Parties.

HIPAA

•Also known as Public Law 104-191 or the Kennedy-Kassebaum Bill, HIPAA is an act passed by the U.S. Congress and signed into effect on August 21, 1996.
•Guarantee health insurance coverage of employees.
•Reduce health care fraud and abuse.
•Implement administrative simplification to augment effectiveness and efficiency of the health care system.
•Protect the health information of individuals against access without consent or authorization.

GLBA

•Enacted on November 12, 1999, approximately seven months after the merger between Citicorp and Travelers Group to form Citigroup.
•Ensure the security and privacy of customer information.
•Protect against threats to the security and integrity of customer information.
•Protect against unauthorized access or usage of this information that could result in harm or inconvenience to the customer.

SOX

•Passed by the U.S. Senate and the U.S. House of Representatives with large majorities and signed into law on July 30, 2002.
•Audit committee issues.
•Audit committee expertise.
•Enhanced review of periodic disclosures.
•New oversight board for corporate governance.
•Certification of financial statements.
•Improper influence of conduct of audits.
•Forfeiture of bonuses and profits (in some cases).
•Off-balance sheet transactions.
•Pro-forma financial information.
•Dealings with securities analysts.

SB 1386

•In September 2002, the Governor of California signed Senate Bill 1386 into effect.
•In effect this means that any business that maintains personal information of a resident of California must have the appropriate provisions and capabilities to know when this information may have been accessed by an unauthorized person.

PCI

•The standard includes 12 requirements across six categories, concentrating on data authentication, access control, audits, and data encryption. To comply, companies that handle payment card information are required to establish stringent security policies, processes, and procedures.

ISS

•Securing data...