Resources: Security Standards

Which security standards apply to you? Research this carefully. Here are some of the critical ones:

FIPS 140

http://en.wikipedia.org/wiki/FIPS_140-2

This standard comes from the US Government and governs how sensitive (federal) information must be encrypted. Administrations like the VA and the SSA are most concerned with this.

HIPAA

http://en.wikipedia.org/wiki/HIPAA

The Health Insurance Portability and Accountability Act is all about medical records. If you're involved in medical care, you have some onerous HIPAA requirements. If you aren't, but somehow possess other people's medical records (as a lawyer might, for instance), most of it does not apply. But beware of (truly massive) civil liability.

SAS 70

http://en.wikipedia.org/wiki/SAS_70

The Statement on Auditing Standards No. 70 is a financial and accounting standard that might concern IT practitioners charged with data preservation and integrity.