Information Security Legislation
As the value of information increases, the number of cyber crimes goes up too. The more cyber crimes are committed, the more regulatory agencies try to prevent them by creating new laws and regulations which companies storing sensitive data are obliged to comply with. Here you can find the most important U.S. regulatory acts regarding information security.

Sarbanes-Oxley Act (SOX)

Who it is for: Public company boards, public accounting, and management firms.

What it covers: The Sarbanes-Oxley Act (SOX) was created after the accounting scandals at Enron, Tyco and WorldCom, which led to a stock market collapse. It aims to protect investors from accounting fraud by ensuring that all reports on financial activities contain reliable information that can be verified by independent auditors. The Act sets standards and rules for audit reports and requires greater financial disclosure. A dedicated oversight body inspects, investigates and enforces compliance with its requirements, and non-compliance carries significant penalties.

Payment Card Industry Data Security Standard (PCI DSS)

Who it is for: Any company handling credit card data. The standard is in force not only in the US but in most countries.

What it covers: PCI DSS was instituted by major payment card brands (Visa, MasterCard, American Express, JCB and Discover). It is a set of requirements for reducing fraud and protecting customer credit card information.

Main requirements:
  1. Install a firewall and router configuration to protect cardholder data.
  2. Default system passwords supplied by the vendor must be changed.
  3. Protect stored cardholder data. In general, no cardholder data should ever be stored unless it’s essential for business purposes.
  4. Encrypt transmission of cardholder data across open, public networks. Encryption encodes data so that only authorized persons can read it.
  5. Anti-virus software must be installed and regularly updated.
  6. Licensed security software must be installed.
  7. Restrict access to cardholder data by need-to-know access.
  8. Assign a u