Regulatory and Compliance

Here are some laws that come up frequently in technology conversation and are also most often among questions on security exams.

Details
Parent Category: Resources
Category: Regulatory and Compliance
Hits: 3389
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Effective April 15th 2017, AICPA's New Cybersecurity Risk Management Examination Report

Details
Parent Category: Resources
Category: Regulatory and Compliance
Hits: 2576
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

New York State Department of Financial Services (DFS)  first-in-the-nation cybersecurity regulation to protect New York State from the ever-growing threat of cyber-attacks is now in effect. DFS Cybersecurity requires banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.

Details
Parent Category: Resources
Category: Regulatory and Compliance
Hits: 1996
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Details
Parent Category: Resources
Category: Regulatory and Compliance
Hits: 3232
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

We just got our daily update from JDSupra (still LOVE THEM!) titled "California's Shine the Light Law: Latest Class Action Threat for Online Retailers and Electronic Commerce Companies", under the topic of Retail Industry Alert.  Here's a link to get you started, because it's important business compliance reading, but that's not why I'm sending you all this letter.

Details
Parent Category: Resources
Category: Regulatory and Compliance
Hits: 3005
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

While 15% of EU citizens report not trusting businesses with their information, they also lack the tools to securely manage their own private information.

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 3214
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Me Tarzan, You Jane is my way of reminding everyone that we can't get far without some common language.  This month, GDPR and NIST 171 are top of mind around our office.  Here's what we found helpful.

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 3515
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

 Risks in Life Logging - ENISA, because Europe saw it coming

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 2300
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

In order to propose controls that would implement the requirements of the GDPR in UK governed business, EnterpriseGRC Solutions has embarked on mapping the The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU), to the both NIST 800 53 r4 control enhancements and the HM Government (Her Majesty's) NATIONAL CYBER SECURITY STRATEGY 2016-2021. Please download the National Cyber Security document here National Cyber Security Strategy 2016-2021 - Gov.uk

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 3573
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Keith Lipman, Esq. Keith Lipman, Esq. is an outstanding writer and contributor at JDSupra

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 2443
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

EU Data Protection Authorities Approve Google’s Cloud Commitments for International Data Transfers

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 2178
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Privacy by Design, presented by Marc Vael, President ISACA Belgium 

Details
Parent Category: Regulatory and Compliance
Category: GDPR European Union Data Protection Directive
Hits: 1854
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

How old is your facebook picture? (No, don't tell me, I don't care.)  How much of our privacy obsession is related to truth?  For example, the weight on your driver's license was absolutely true, twenty-five years ago.  Is misrepresenting ourselves part of privacy or an American obsession with creating an illusion of identity.

In an honest society, what harm can really come of truth?

History of controls harmonization is really the history of managing conversations about risk. Cyber Risk Recap: What could go wrong?

Making Process Real, a seminar in preparing to meet new regulations for controls as proposed by the Sarbanes-Oxley Law was presented by Robin Basham, in Boston, MA 2003, while participating on the board of the Association for Women in Computing. This marked the first use of "Maturity Through Process", and was the basis for preparing ISO 9000 compliant companies to map to their needed SOX CobiT controls.  The work was implemented through SamePage Software, which would later be branded "Facilitated Compliance Management".  The model would be donated to open source and to this day would remain free.

Details
Parent Category: Regulatory and Compliance
Category: Unified Compliance Framework & Harmonization
Hits: 2157
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

HIPAA – HITECH, Aligning Secure Host Baselines According to Common Security Framework CSF

Details
Parent Category: Regulatory and Compliance
Category: HIPAA & HITRUST - Health Insurance Portability and Accountability Act
Hits: 2875
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Tools approach to automating ISO27002 ISMS Policy aligned continuous monitoring

Details
Parent Category: Regulatory and Compliance
Category: ISO 27002:2013 ISMS
Hits: 2733
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

I like this privacy policy.  

Details
Parent Category: Regulatory and Compliance
Category: ISO 27002:2013 ISMS
Hits: 3240
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

ISO/IEC 27001:2005 - now ISO/IEC 27002:2013

Details
Parent Category: Regulatory and Compliance
Category: ISO 27002:2013 ISMS
Hits: 1973
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) – Standards for planning, operating, and securing North America’s Bulk Power System. Protects “Critical Cyber Assets”

Details
Parent Category: Regulatory and Compliance
Category: NERC CIP North American Electric Reliability Corp Critical Infrastructure Protection
Hits: 2080
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

What Are the 13 Requirements for PCI DSS 3.2 2016 Compliance?

Navigating PCI DSS: Understanding the Intent of the Requirements, PCI DSS v3.2 

Details
Parent Category: Regulatory and Compliance
Category: PCI Compliance
Hits: 2099
Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

Subcategories

FFIEC Article Count:  0

FedRamp Article Count:  0

ISO 27002:2013 ISMS Article Count:  3

PCI Compliance Article Count:  2

Sarbanes-Oxley Act SOX-ITGCC Article Count:  1

Unified Compliance Framework & Harmonization Article Count:  2