Margaret Rouse stated that the Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information. In 2004 PCI DSS was formed by several major credit-card companies to help protect these companies from liability and to protect cardholder information. There are three steps to ensure everyone is adhering to PCI DSS: Assess (identify cardholder data, inventory the IT assets and payment card processing, then analyze them for vulnerabilities); Remediate (fix any vulnerabilities); and Report (collect data to submit compliance and remediation validation records).
The PCI Security Standards Council oversees all PCI DSS policies and any other associated security standards. The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. (PCI DSS Quick Reference Guide, 2010). PCI DSS compliance helps safeguard against vulnerabilities associated with service providers, online shopping, point-of-sale transactions, and wireless hotspots. It is mandatory that any business that accepts and processes payment cards comply with PCI DSS. The PCI Data Security Standard (PCI DSS) is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data (PCI DSS Quick Reference Guide, 2010). Here are some of the PCI DSS goals and requirements:

1. Build and maintain a secure network: install and maintain the firewall which will provide protection for stored cardholder information.
2. Maintain a vulnerability management program by continuously updating anti-virus software or programs.
3. Implement and restrict access to cardholder data.
4. Regularly track and monitor all access to the network.
5. Regularly test the networks.
6. Maintain and comply with the Information Security Policy.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US law intended to protect the privacy of the patient and the patient's medical information. The HIPAA Security Rule is a set of security standards established to protect patient health information when it is being stored or electronically transferred between entities. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (The Security Rule, 2014). In 2009 the HIPAA Security Rule incorporated the HITECH Act, which incorporated the responsibilities of business associates; HHS established rules to implement and clarify all of the changes.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights announced a final rule that implements a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Omnibus HIPAA Rulemaking, 2015). A business associate is an individual or organization that performs specific tasks or services which involve the use or disclosure of individually identifiable health information. Some of these tasks or services may include processing claims, analyzing data, billing, accounting, consulting, management, or financial services. A business associate contract covers a contractor or non-workforce member that performs business associate duties. Within these contracts, there are specific guidelines written to protect identifiable health information.
In 1901 the National Institute of Standards and Technology (NIST), one of the nation's oldest physical science laboratories, was established by the U.S. Department of Commerce. NIST headquarters is currently located in Gaithersburg, MD, with seven laboratories and a number of extramural programs. From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology (About NIST, 2017).
An essential part of NIST's work is to anticipate the future. Fast-moving sectors such as nanotechnology, quantum information science, homeland security, information technology, and advanced manufacturing need sophisticated technical support systems to flourish and grow (About NIST, 2017). NIST has provided this support in a number of ways: by developing and improving technologies, improving standards, and helping to create quality products and services. It is estimated that approximately 3,400 people are employed at NIST's Gaithersburg, Maryland, and Boulder, Colorado facilities. NIST also has 2,700 associates within the government, academia, and industry fields.
Below are some examples of what NIST has accomplished:

• 1 Jan 1906 – NIST produced standard samples, also known as standard reference materials (SRMs).
• 1 Jan 1915 – NIST published the nation's first model electrical safety code.
• 1 Jan 1932 – Wilmer Souder, a NIST employee, was the nation's first federal forensic scientist. He assisted in creating the FBI's crime lab.
• 1 Apr 1950 – The Standards Eastern Automatic Computer (SEAC), the world's first internally programmed digital computer, which created the world's first digital image.
• 2 Oct 2000 – NIST selected the Rijndael algorithm, making it the Advanced Encryption Standard (AES), a public algorithm intended to safeguard sensitive information (About NIST, 2017).