What Is Application Security?, Page 2
A number of government regulations and industry standards such as HIPPA (Health Insurance Portability and Accountability Act), SOX (Sarbanes-Oxley Act), GLBA (Gramm-Leach-Bliley Act), and CI DSS (Payment Card Industry Data Security Standard) affect how companies do business every day and directly influence how technology is implemented and should be protected and secured.
The Act requires the creation of national standards for transfer of health care data among providers, health insurance companies, and employers. HIPPA has provisions that deal with the security and privacy of health data.
The Act's Financial Privacy Rule provides directives on the collection and disclosure of privacy data (a customer's financial information). The Safeguards Rule requires all companies to put safeguards in place to protect customer information. Companies are required to have policies that protect customer's information from security threats. The Act also governs how a customer's information is gathered and disclosed.
This is a standard that was created by major credit card companies to prevent credit card fraud and protect customers from security threats and vulnerabilities. Companies that process, store, and/or transmit credit card data go through regular audits that confirm whether they are compliant with PCI DSS.
Impact of Regulations and Standards
In summary, these and other regulations make it practically impossible for companies to ignore the security considerations involved in using technology. Because, in many cases, a company's executive managers have to take full responsibility for the data reported, they need to make sure that the data is absolutely accurate. And, because handling customer Personally Identifiable data is under stringent control from these laws, once again executive management has to put controls and processes in place to safeguard the data as per the regulations. As a result of this, many application security initiatives come down from company's top management down to all ranks.
In this article, you looked at the definition of Application Security and discussed how it affects companies and technologists. You looked at the legal and regulatory procedures and standards that impact application security. Future articles will look closely at application threats and will discuss what can be done to protect them in greater detail.
About the Author
Irina Medvinskaya has been involved in technology for over 10 years. She has worked on various applications supporting banking, financial, and media companies. She currently works at Guardian Life Insurance Company as a Project Manager, Application Security & Controls.