Security - Channel Insider
Empowering the next generation Channel

Opportunity 2012: Compliance Changes Driving IT Spending

By Ericka Chickowski on 2011-12-15



While IT compliance initiatives may not necessarily make your heart race the way news about an iPhone 5 would, they could make your CFO’s heart race. That’s because regulatory requirements are a big part of what's driving IT security spending and will continue to do so in 2012. IT solution providers are in a position to reap the rewards of this opportunity by helping customers prepare for changes in the coming year. Here’s a look at seven regulatory compliance changes that you should have on your radar for 2012.


FFIEC


Online banking institutions will be held accountable to more rigorous security demands from the Federal Financial Institutions Examination Council (FFIEC) in January. That’s when examiners begin assessing financial institutions according to risk assessment best practices, including better fraud protection and the use of layered security technology to augment the multi-factor authentication laid out in the last update to the FFIEC's guidance in 2005.

PCI DSS 2.0


Released well over a year ago, the second revision of the Payment Card Industry Data Security Standards (PCI DSS) offers some key tweaks to requirements, including clarifications about encryption key management, network segmentation and risk-based vulnerability assessments. Enforcement of the changes starts in January.

Federal Trade Commission


While there are no new regulations from the FTC, this agency plans more enforcement of its Fair Information Practice Principles, which govern how companies collect, use and protect information about customers online. FTC cases against Google, Disney and Facebook this year for not following the principles show that companies need to treat these rules more seriously next year.

Securities Exchange Commission


In October of this year the SEC let it be known that it wanted public companies to start informing shareholders when they experience 'material cyber attacks.' In 2012, public companies must be ready to disclose the financial implications of breaches and incidents they experience going forward.

HIPAA


The coming year may well be the year that HIPAA grows teeth. The Office for Civil Rights (OCR) recently started a program to audit organizations. When the OCR notifies an organization that it is subject to audit, the organization will have only 10 days to produce the paperwork.

ISO 27036


It may not be ratified yet, but experts believe that the ISO 27036 standard that is currently making the rounds for approval could become the de facto security standard by which third-party service providers, cloud or otherwise, are measured by prospective customers. Partners would do well to know the ins and outs of this standard before it goes live.

FinCEN


Starting in June 2012, financial institutions could be required to adhere to new updates from the Financial Crimes Enforcement Network (FinCEN) with regard to how they manage electronic reporting for Suspicious Activity Report (SAR) filing. These organizations will need to keep an eye on FinCEN updates and treat them with due care.
