Understanding and complying with regulations provides companies with business opportunities and reduces risk. Some specific industry related regulations include finance, healthcare, and education. If audited, companies must be able to demonstrate they are aware and are in compliance with such regulations. This focus helps companies to build trusted relationships with new and existing customers; knowing their information is safe and secure. Penalties are also a consideration, when companies are not in compliance with these regulations. Fines can run upwards of millions of dollars on the high end of the spectrum, or result in long term public reputation problems on the low end. Well known regulations in include the U.S. Federal Information Security Management Act (FISMA) and the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).
Companies can take on several actions to protect their systems and the information they hold, including antivirus software, firewalls, data encryption, and intrusion detecting systems.