Cyber security oversight is governed by a broad range of laws, regulations, guidelines, and organizations.
Select your area of concern or responsibility below and learn how INTEGRITY Global Security can bring military grade security to your organization or enterprise.
Sarbanes-Oxley, Gramm-Leach-Bliley, SEC Rule 17a-4M
Gramm-Leach-Bliley Act: The Financial Privacy Rule of GLBA governs the collection and disclosure of customers' personal financial information by financial institutions. Financial institutions, credit reporting agencies, investment advisors and others are required to design, implement and maintain safeguards to protect customer information.
INTEGRITY protects cardholder data by providing certified military-grade security through its Secure Separation Architecture.
Basel II: Worldwide banking guidelines define the level of risk considered acceptable for banks to remain solvent. IT governance must be included in efforts to control and manage risk. Banks that have failure-prone IT systems may face higher capital requirements.
INTEGRITY protects data at the core through its certified technology. INTEGRITY actually eliminates risk by making it impossible for data to be removed from an INTEGRITY information domain within the Secure Separation Architecture.
SEC 17a-4: Rule 17a-4 of the Securities and Exchange Commission requires that brokerage firms store and be able to rapidly produce accurate records of securities transactions for years after the transaction date.
INTEGRITY allows access to and control of critical data based on a comprehensive policy strategy established by the financial institution.
The Federal Financial Institutions Examination Council (FFIEC) has issued the FFIEC Information Technology Examination Handbook, Information Security Booklet, Dec. 2002, which recommends that financial institutions periodically:
- Ensure that their information security program: identifies and assesses the risks associated with Internet-based products and services; identifies risk mitigation actions, including appropriate authentication strength; and measures and evaluates customer awareness efforts.
- Adjust, as appropriate, their information security program in light of any relevant changes in technology, the sensitivity of their customer information, and internal or external threats to information; and
- Implement appropriate risk mitigation strategies.
INTEGRITY is the only operating system that is certified to be 100% secure and reliable. It enables other applications (and operating systems) to run securely on various technology platforms. INTEGRITY enables financial services firms to establish their own enterprise-wide and system-level protocols.
Sarbanes-Oxley Act: The Sarbanes-Oxley Act requires leaders of publicly-traded firms, including financial services firms, to personally certify that reported financial results are accurate. To do this, reliable and secure information systems are required.
INTEGRITY has been tested and proved to be secure against hostile and intentional attack. INTEGRITY has achieved a NIST EAL 6+ rating with High Robustness.
INTEGRITY helps enterprises governed by NERC's Critical Infrastructure Protection regulations meet and exceed all requirements:
- CIP-001-1 Sabotage Reporting - INTEGRITY eliminates the possibility of cyber sabotage.
- CIP-002 Critical Cyber Assets - INTEGRITY makes the risk assessment process simpler by eliminating the risk.
- CIP-003 Security Management Controls - INTEGRITY turns the minimum requirement into a "maximum" as the security management controls will be military-grade.
- CIP-004 Personnel and Training - INTEGRITY makes cyber awareness easy as access to and control of critical data are allowed based on a comprehensive policy strategy established by the electric utility.
- CIP-005 Electronic Security - INTEGRITY protects all the assets regardless of where they reside.
- CIP-006 Physical Security - INTEGRITY provides physical security planners with the added benefit of knowing the assets are secure from social hackers.
- CIP-007 Systems Security Management - INTEGRITY enables utilities to establish their own enterprise-wide and system-level protocols.
- CIP-008 Incident Reporting and Response Planning - INTEGRITY prevents any attack from getting out of the secure hypervisor involved. Attacks can be eliminated with a single click of a mouse.
- CIP-009 Recovery Plans - INTEGRITY ensures that critical cyber assets are always safe and always available from INTEGRITY-enabled data storage facilities should physical damage create the need to rebuild an electric utility command center.
INTEGRITY helps medical services providers meet and exceed Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule requirements:
- Protect the confidentiality, integrity and availability of all electronic protected health information (EPHI) the covered entity creates, receives, maintains or transmits -- INTEGRITY eliminates the possibility of cyber theft of records.
- Protect against any reasonably anticipated threats or hazards to the security or integrity of such information -- INTEGRITY keeps medical records separate and secure from open or public information and prevents medical records from being accessed, copied, deleted, or changed by anyone not authorized to have access to the data.
- Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule -- INTEGRITY allows medical services companies to establish their own enterprise-wide and system-level protocols.
- Ensure compliance by its workforce -- Because INTEGRITY allows organizations to establish their own usage protocols, workforce compliance is not a choice made by workers; it's inherent to the system.
- The HIPAA Security Rule includes specific security standards in three main areas that must be met in order to ensure compliance:
  - Administrative Safeguards include four required implementation specifications: risk analysis, risk management, sanction policy and information system activity review.
    - INTEGRITY makes compliance simpler by completely eliminating risk.
  - Physical Safeguards include standards for facility access controls; standards for proper workstation use and physical security of workstations that access EPHI; and policies and procedures that control receipt, movement and removal of hardware and electronic media that contain EPHI.
    - INTEGRITY makes compliance simpler by enabling the development of system-level usage protocols that ensure proper workstation use and can make it impossible to successfully move data from one medium to another.
  - Technical Safeguards include specifics on how to use technology to protect EPHI. These standards focus on access control and authentication; transmission security (including the need to protect both the data's integrity and confidentiality, such as with encryption); policies and procedures to protect EPHI from improper alteration or destruction; and methods for providing audit controls.
    - INTEGRITY makes compliance simpler as it has been certified 100% secure and reliable, enables enterprise-wide and system-level protocols to be set, and its Secure Separation Architecture ensures EPHI is safe from edit or deletion.
INTEGRITY helps banks and credit card issuers meet or exceed PCI DSS requirements. The FDIC has for some time required that financial institutions implement PCI DSS procedures for protecting credit card data. INTEGRITY enables compliance with these requirements and even empowers companies to go above and beyond them.
Build and Maintain a Secure Network
- Requirement 1: Install and maintain a firewall configuration to protect cardholder data -- Deployment of perimeter-based defenses via firewalls and other external security appliances to safeguard information has proven to be woefully inadequate. INTEGRITY protects data at the core through its certified technology.
- Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters -- INTEGRITY goes well beyond password protection as INTEGRITY enables utilities to establish their own enterprise-wide and system-level protocols.
Protect Cardholder Data
- Requirement 3: Protect stored cardholder data -- INTEGRITY protects cardholder data by providing certified military-grade security through its separation technology.
- Requirement 4: Encrypt transmission of cardholder data across open, public networks -- Encryption technology is an important preventive measure, but not in itself sufficient to guarantee data security, as demonstrated in the cases of TJX and Hannaford Bros. Only INTEGRITY has the High Robustness rating to protect the most valuable data under the levels of cyber threat.
Maintain a Vulnerability Management Program
- Requirement 5: Use and regularly update anti-virus software -- Antivirus software is important, but not sufficient to deter serious criminal threats. INTEGRITY eliminates with a single mouse click and INTEGRITY makes it impossible for a virus to be propagated to other computers.
- Requirement 6: Develop and maintain secure systems and applications -- INTEGRITY is the only operating system that is certified to be 100% secure and reliable. It enables other applications (and operating systems) to run securely on various platforms.
Implement Strong Access Control Measures
- Requirement 7: Restrict access to cardholder data by business need-to-know -- INTEGRITY enables enterprise-wide usage policies to be established. Users and applications will only have access to the data they need to be productive and can be limited as to what they can do with that data.
- Requirement 8: Assign a unique ID to each person with computer access -- INTEGRITY provides military-grade security management controls.
- Requirement 9: Restrict physical access to cardholder data -- INTEGRITY allows access to and control of critical data based on a comprehensive policy strategy established by the financial institution.
Regularly Monitor and Test Networks
- Requirement 10: Track and monitor all access to network resources and cardholder data -- INTEGRITY enables tracking and monitoring of access to network resources and cardholder data. More importantly, INTEGRITY controls which users and applications can access data and resources.
- Requirement 11: Regularly test security systems and processes -- INTEGRITY has been tested and proved to be secure against hostile and intentional attack. INTEGRITY has achieved a NIST EAL 6+ rating with High Robustness.
Maintain an Information Security Policy
- Requirement 12: Maintain a policy that addresses information security -- Deployment of INTEGRITY is the cornerstone of any corporate information security policy.
Certified as secure and reliable for both military and non-military use as a result of the most rigorous testing and evaluation possible, INTEGRITY offers:
- True security
  - Open communication is possible without risk to critical assets
  - Mission critical assets and applications remain completely safe and secure
- Cost savings
  - One box, one network; no need for physical separation based on security
  - Simultaneous support of legacy and mission critical applications
- Form flexibility
  - Protect desktop PCs, servers, Thin-Client Workstations and even PDAs
- Open Standards
  - Supports Windows and Linux
  - Supports native POSIX-compliant applications
- Certified security and reliability
  - No other operating system can offer this level of security and reliability, and no other operating system has ever been certified to the levels of INTEGRITY