CISO Tradecraft: Cyber Security Laws
CISO Tradecraft®
English - July 09, 2021 11:15 - 43 minutes - 59.1 MB - ★★★★★ - 46 ratingsTechnology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
On this episode of CISO Tradecraft, you will hear about the most prominent Cyber Security Laws:
The Health Insurance Portability and Accountability Act (HIPAA) advocates the security and privacy of personal health information
Administrative Safeguards
Physical Safeguards
Technical Safeguards
The Sarbanes-Oxley Act (SOX) is designed to provide transparency on anything that could cause material impact to the financials of a company
Cyber Risk Assessment
Identify Disclosure Controls and Policies
Implementing Cyber Security Controls Using a Reliable Framework (NIST CSF / ISO 27001)
Monitor and Test SOX Controls
The Gramm Leach Bliley Act (GLBA) requires Financial Institutions to protect Personally Identifiable Information (PII)
The Federal Information Security Management Act (FISMA) requires executive agencies in the federal government to address cyber security concerns
Plan for security
Assign responsibility
Periodically review security controls on systems
Authorize systems to Operate
The Payment Card Industry Data Security Standards (PCI-DSS) is a framework required to protect payment card information
The General Data Protection Regulation (GDPR) - Data Compliance and Privacy law for European citizens
Consent
Data Minimization
Individual Rights
The California Consumer Protection Act (CCPA) - Data Compliance and Privacy law for California residents. This law provides Californians the right to know what data is collected or sold, the right to access data, the ability to request its deletion, and the ability to opt out of it being collected or sold.
The Cybersecurity Maturity Model Certification (CMMC)- combines various cybersecurity standards and best practices and maps these controls and processes across maturity levels for Department of Defense contractors.