Customer Needs Assessment

Determine Risk Tolerance

According to the report, a company’s stock price could decrease between “7.9 and 13.6 percent,” depending on the size of the company. In general, the larger the company, the more the stock price would decrease. (See Why Compliance Pays, p. 11.)

Once you know the importance of your company’s network assets, you can determine its risk tolerance. If your company stores customers’ credit card numbers, it has a low risk tolerance. That is, if a hacker stole these credit card numbers, your company would not easily recover: it might be liable to customers, which means that they could seek reparation for damages. The company’s reputation might be irreparably damaged, resulting in a loss of both existing and new customers.

Regulations

In your evaluation, you should factor in your company’s legal obligations to provide a certain level of network security. Countries worldwide have enacted privacy laws or reinforced existing ones to improve security standards for company networks.

The following are some examples of U.S. regulations:

Sarbanes-Oxley (SOX) Act of 2002—SOX was enacted to improve the accuracy and reliability of corporate disclosure, which in turn protects investors. SOX dictates that companies establish a public company accounting oversight board, which monitors auditor independence, corporate responsibility, and enhanced financial disclosure. It also provides a way to review the dated legislative audit requirements.

Health Insurance Portability and Accountability Act (HIPAA)—HIPAA addresses health care dangers, such as waste, fraud, and abuse in health insurance and health care delivery. HIPAA also prohibits companies that use electronic transactions and the Internet from publishing personal health information. (Before HIPAA, some companies were transferring or selling such information for commercial gain.)

Gramm-Leach-Bliley Act (GLBA)—GLBA requires companies to store personal financial information securely, advises consumers of their policies on sharing personal financial information, and gives consumers the option to opt out of some sharing of personal financial information. And while it ended regulations that prevented the merger of banks, stock brokerage companies, and insurance companies, it also mitigates the risks of these mergers for the consumer:

HP Access Control Client Software manual Regulations