We’re not talking about plain old rules, but rather mandated rules as defined in a federally enacted legislation. As someone with a career in information security, my first answer is “yes, regulation is good for security.” Regulation helps make sure that people and companies are protecting the security of their systems, networks, and information, even minimally. If you are faced with regulatory compliance, you are faced with a legal issue. And, if you are not compliant, you are essentially breaking the law.

But the devil is in the details.

I know perfectly well that there are many standards and regulations in place. But which ones are the most impactful?

HIPAA/HITECH has been around now since 1996. The main purpose of HIPAA was originally to help ensure portability of insurance in the event an employee changes jobs. This grew as the bill grew with a variety of contributors, and soon included requirements to establish national... read more >