Computer system security remains an important issue. Recently government and industry groups have established laws and guidelines requiring business entities to enact practices that protect information regarding business operations and infrastructure. Such mandates are now generally referred to as “compliance” initiatives.
Examples of government legislated compliance include Sarbanes Oxley, which mandates protection of public company financial data, Gramm Leach Bliley, which mandates privacy protection of consumer information held by public and private companies, and the Federal Information Security Management Act, which mandates practices for protecting government IT infrastructure).
Examples of industry mandated compliance include the North American Reliability Council Critical Infrastructure Program (NERC CIP), which mandates protection of power generation, transmission and distribution facilities control systems, American Gas Association (AGA 12), which mandates protection of gas and oil pipeline control systems, and the Payment Card Industry Data Security Standard (PCI DSS), which mandates protection of systems managing point of sale/credit card transactions.
Computer systems which may be used to implement such compliance initiatives may find utility.