<P> Whereas BCM takes a broad approach to minimizing disaster-related risks by reducing both the probability and the severity of incidents, a disaster recovery plan (DRP) focuses specifically on resuming business operations as quickly as possible after a disaster. A disaster recovery plan, invoked soon after a disaster occurs, lays out the steps necessary to recover critical ICT infrastructure. Disaster recovery planning includes establishing a planning group, performing a risk assessment, establishing priorities, developing recovery strategies, preparing inventories and documentation of the plan, developing verification criteria and procedures, and lastly implementing the plan. </P> <P> Below is a partial listing of European, United Kingdom, Canadian and US governmental laws and regulations that have, or will have, a significant effect on data processing and information security. Important industry-sector regulations have also been included where they have a significant impact on information security. </P> <Ul> <Li> The UK Data Protection Act 1998 makes new provisions for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. The European Union Data Protection Directive (EUDPD) requires that all EU member states adopt national regulations to standardize the protection of data privacy for citizens throughout the EU. </Li> <Li> The Computer Misuse Act 1990 is an Act of the UK Parliament making computer crime (e.g. hacking) a criminal offence. The Act has become a model from which several other countries, including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws. </Li> <Li> EU data retention laws require Internet service providers and phone companies to keep data on every electronic message sent and phone call made for between six months and two years.
</Li> <Li> The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a US federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. </Li> <Li> The Federal Financial Institutions Examination Council's (FFIEC) security guidelines for auditors specify requirements for online banking security. </Li> <Li> The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires the adoption of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. It also requires health care providers, insurance providers and employers to safeguard the security and privacy of health data. </Li> <Li> The Gramm-Leach-Bliley Act of 1999 (GLBA), also known as the Financial Services Modernization Act of 1999, protects the privacy and security of private financial information that financial institutions collect, hold, and process. </Li> <Li> Sarbanes-Oxley Act of 2002 (SOX). Section 404 of the act requires publicly traded companies to assess the effectiveness of their internal controls for financial reporting in the annual reports they submit at the end of each fiscal year. Chief information officers are responsible for the security, accuracy and reliability of the systems that manage and report the financial data. The act also requires publicly traded companies to engage independent auditors who must attest to, and report on, the validity of their assessments. </Li> <Li> The Payment Card Industry Data Security Standard (PCI DSS) establishes comprehensive requirements for enhancing payment account data security.
It was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. </Li> <Li> State security breach notification laws (California and many others) require businesses, nonprofits, and state institutions to notify consumers when unencrypted "personal information" may have been compromised, lost, or stolen. </Li> <Li> The Personal Information Protection and Electronic Documents Act (PIPEDA) is an Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions, and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act. </Li> <Li> Hellenic Authority for Communication Security and Privacy (ADAE) (Law 165/2011): the Greek law establishes and describes the minimum information security controls that should be deployed by every company that provides electronic communication networks and/or services in Greece in order to protect customers' confidentiality. These include both managerial and technical controls (e.g. log records should be stored for two years). </Li> <Li> Hellenic Authority for Communication Security and Privacy (ADAE) (Law 205/2013): the latest Greek law published by ADAE concentrates on the protection of the integrity and availability of the services and data offered by Greek telecommunication companies.
The new law requires telcos and associated companies to build, deploy and test appropriate business continuity plans and redundant infrastructures. </Li> </Ul>
