CSEC 226B

Compliance

Introduces the student to Information Systems Security Compliance. Topics include what security compliance is, how to assess security controls (physical, procedural, and technical), and methods to remediate security gaps discovered during the security assessment using Control Objectives for Information and related Technology (COBIT), and International Standards Organization/International Electro Technical Commission (ISO/IEC 27000) as the control frameworks. Discussions conducted on compliance areas include Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Federal Information Security Management Act of 2002 (FISMA), Payment Card Industry Data Security Standard (PCI-DSS), Family Educational Rights and Privacy Act (FERPA), Childrens Online Privacy Protection Act (COPPA), and Childrens Internet Protection Act (CIPA).

Units: 3.0