2019 New York SHIELD Act
Relates to notification of a security breach; includes credit and debit cards; increases civil penalties.
AICPA Cybersecurity/Information Security
Breaking news stories about malware attacks, scams, hacks and identity theft have become commonplace in today’s headlines. Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of public and private organizations of all sizes. These organizations are under increasing pressure to demonstrate that they are managing threats and have effective processes and controls in place to detect, respond to, mitigate and recover from security incidents.
Anti-Phishing Working Group
APWG is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes. The proposed regulations would establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply.
Center for Internet Security, Inc.
CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.
Federal Information Security Modernization Act
The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government’s cybersecurity practices by:
- Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
- Amending and clarifying the Office of Management and Budget’s (OMB) oversight authority over federal agency information security practices; and by
- Requiring OMB to amend or revise OMB A-130 to “eliminate inefficient and wasteful reporting.”
GCA Cybersecurity ToolKit for Small Businesses
The Global Cyber Alliance (GCA) has built this toolkit for small to medium-sized businesses to address the Center for Internet Security Controls (CIS Controls) which will enable business owners to significantly reduce the cyber risks they face every day.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
Hoax-Slayer
The goal of the Hoax-Slayer Website is to help make the Internet a safer, more pleasant and more productive environment by:
- Debunking email and Internet hoaxes
- Thwarting Internet scammers
- Educating web users about email and Internet security issues
- Combating spam
International Organization for Standardization
ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies.
Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.
NERC Critical Infrastructure Protection Standards (NERC CIP Standards)
The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 400 million people.
Ohio Breach Law
Private disclosure of security breach of computerized personal information data.
Stay Safe Online - Cybersecure My Business
The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.
The Family Educational Rights and Privacy Act of 1974 (FERPA)
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
The Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud.
FedRAMP facilitates the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.
The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government by providing a standardized approach to security and risk assessment.