11 Regulations and Compliance
Chapters 1 through 10 showed you many methods and techniques for securing your database. While there are many security products and methodologies, technology alone is not enough. What is also required is a willingness to address the problems and invest in security solutions that will guarantee the security and privacy of information. This willingness does not always exist because of limited budgets. Some people point to the fact that security does not always display a clear return on investment (ROI), but neither does an alarm system you may install at home or insurance you pay every year.

Leading companies understand that in the same way that people continue to protect and insure houses and cars, they must continually invest in protecting valuable information. One incident that involves theft or destruction of proprietary information can easily pay for a 10-year investment, and serious incidents can cripple a company for life.

For those companies that have not come to this realization, regulators have created a large (and growing) set of regulations and frameworks aimed at enforcing protection of information, privacy, and transparency of information. These regulations have sprung up in the past couple of years (and will continue to do so), prompted by some significant damage done to companies and, more importantly, to the public.

Some of these regulations, such as HIPAA for healthcare and GLBA for financial services, are specific to certain market segments. Others apply to a certain class of companies, such as Sarbanes-Oxley for public companies and California Senate Bill 1368 (SB 1368) for companies that maintain personal information regarding residents of California. However, in all cases these regulations include stringent requirements dealing with information security and/or privacy, and all of them impose punitive consequences if compliance is not maintained.