security practices for entities dealing with credit/debit card information. It is an important security
compliance standard that applies to entities storing, processing, or transmitting cardholder information.
Merchants, processors, third-party service providers like software developers, and business
process outsourcing firms are some entities that are under the purview of PCI compliance.
Various other legal requirements and security compliance standards include the SB1386, which
is the Data Privacy Act introduced by the government of California, GLBA (Gramm-Leach-Bliley
Act) for the Financial Regulation, and HIPAA (Health Insurance Portability and Accountability
Act), which calls for protection of health insurance information.
2.1.2 The Motivation for Security
In the earlier section, we explored the need for security. In this section, we will delve into the
factors that motivate individuals and organizations to develop a strong information security practice.
There is a subtle difference between the need for information security and the motivation
for information security. The motivation is a more enlightened state as organizations/individuals
understand the importance of information security and are driven by a few factors to develop and
maintain an information security practice. Now let us explore what really drives individuals and
organizations to take information security very seriously. Some of them are as follows:
Business value
Reputation
Legal and compliance
Financial impact
2.1.2.1 Reputation
Reputation is the primary motivation for best-in-class organizations all over the world.
Organizations today carry a great weight of goodwill and reputation, which they would have
earned through years of relationships with their customers, suppliers, and other stakeholders. They
realize that any untoward incident showing them in poor light would result in a severe dent in
their reputation and brand value. For instance, let us consider an individual who has been carrying
out all his banking activities with a certain bank in his neighborhood. Let us assume that
the bank has been subject to a security breach and money has been stolen from a few accounts in
the bank. Would the individual still trust this bank to keep his money safe? He probably would
not. He would withdraw most or all of his money and place it in another, more reputable bank.
The bank would lose several of its customers, as they would share his fears, and the bank would
experience a major financial and reputational loss. Maintaining the organization's reputation is the
prime motivation for organizations to incorporate a strong information security practice within
the organization and for their partners and customers.
2.1.2.2 Business Value
Today's world is fast changing and dynamic in nature. The world of business is even more so, because
there is no dearth of competition for an organization that is in business. There are new competitors
springing up every day, and an entity that does not adapt with the changing times faces extinction.
Organizations constantly try and showcase their unique selling propositions (often referred to as
USPs) and highlight their status as market leaders to their customers and prospective customers.