
• NARA provided complete guidelines to federal agencies, official departments and other organizations on the record keeping of data and documentary material for the purpose of strict compliance.
• When an organization conducts business, it creates a number of records in a variety of media; the accuracy and reliability of those records vary from organization to organization and from program to program.
• The guidelines provided by the government and the relevant compliance departments help the organization not only to keep records efficiently but also to make the available data and information ready for correct compliance, which provides a true and clear picture of the organization.
• It provides standards for categorizing information systems in order to protect against mission impact.
• It provides standards that consist of minimum security requirements for information systems.
• It provides guidelines for selecting security controls for information systems.
• It provides guidelines for assessing and determining the effectiveness of security controls.
• It provides guidelines for the security authorization of information systems.
• It also provides guidelines on the monitoring and authorization of security information systems.
• Oversight board
• Independence of auditor
• Financial disclosure
• All relevant information that affects the financial status of the business must now be disclosed; those items are mostly off balance sheet.
• Since its implementation, the law has enforced a restriction on personal loans from the corporation to its executives.
• This act applies to financial institutions or to companies that offer financial services or products, for example loans, investment advice or insurance.
• The Federal Trade Commission imposes the law on organizations that fall under the law on financial institutions but are not covered by the federal agencies and the SEC.
• A consumer is a person who obtains financial services from the institution for himself, for his family or for household reasons; a customer is a consumer who has a continuing relationship with the institution.
• If companies share a consumer's information with other companies, the consumer will receive a privacy notice from the financial institution. A customer will receive such a notice every year for as long as he or she remains a customer of the company.
• Being PCI DSS compliant means that all of your business systems are secure and that customers can trust you with their sensitive payment card information.
• Compliance improves the company's reputation with the payment brands and the partners one needs in order to do business.
• Compliance is an ongoing process, not a one-time event. It helps institutions prevent security breaches as well as theft of payment card data.
• This is the federal Health Insurance Portability and Accountability Act of 1996; the primary purpose of the law is to create ways that help the general public keep health insurance.
• An important part of it is to provide security and protect the confidentiality of health care information about registered individuals.
• The act has two titles: one deals with portability and the other focuses on administrative simplification.
1. Give patients the right to control information about their health.
2. Set boundaries on the release of that information.
3. Maintain the balance when the health responsibilities support disclosure of certain kinds of data.

• The deadline for complying with the Privacy Rule was April 14, 2003. The three major types of covered entities specified by the rule (45 CFR) are as follows:
1. Health plans
2. Health care providers that transfer information in electronic form
3. Health care clearinghouses
• This law sets the rules for securing the legal rights of persons or groups of persons over designs, inventions and artwork.
• It works the way personal property protection rights work, so we can say that this law deals with the control of, and dealings in, personal property in the form of intangible assets.
• The purpose behind this law is to give people incentives to work creatively.