Align compliance requirements to FISMA, SOX, HIPAA, GLBA, PCI DSS and AICPA
Hyung Ryu
ITT Technical College, Everett Campus
Author Note: This assignment is being submitted on July 22, 2014, for Even Anderson's Introduction to Project Management (PM3110).
1. What are the five principles of the AICPA Trust Services & principles criteria?
2. What does the AICPA Trust Services & Principles Criteria recommend concerning inactive user accounts on a website?
3. With what section of SOX would the IT professional deal the most and why?
4. In HIPAA, under what scenario is a healthcare provider required to notify all patients and the department of health and human services when a security breach is discovered?
5. Where would someone go in order to find the quarterly and annual reports for a publicly-traded company to verify SOX compliance?
6. Describe the various levels of PCI DSS compliance as defined by VISA.
7. In HIPAA, what information is protected and who is covered by the Security Rule?
8. For the 12 core requirements of the PCI DSS standard, what are the 3 steps or phases for assessing and reviewing compliance with the PCI DSS standard?
9. What are the fines associated with violating HIPAA compliance requirements?
10. What are the PCI DSS Procedures used when auditing an organization for security?
11. What are the 11 titles of mandates and requirements for SOX compliance?
12. What purpose may COBIT serve to help maintain compliance for regulations such as Sarbanes-Oxley?
13. What is the Safeguard Rule as it relates to GLBA?
14. What is the purpose of the PCI security audit procedures?
15. Describe the process for obtaining or maintaining PCI DSS compliance when a required security control or process is unrealistic for an organization.