Resources

2019 New York SHIELD Act

Relates to notification of a security breach; includes credit and debit cards; increases civil penalties.


3 Security Threats Your Business Should Be Preparing for Now

It’s time to get serious about developing a cybersecurity plan to protect your data and assets.


AICPA Cybersecurity/Information Security

Breaking news stories about malware attacks, scams, hacks and identity theft have become commonplace in today’s headlines. Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of public and private organizations of all sizes. These organizations are under increasing pressure to demonstrate that they are managing threats and have effective processes and controls in place to detect, respond to, mitigate and recover from security incidences.


Anti-Phishing Working Group

APWG is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities.


California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes. The proposed regulations would establish procedures to facilitate consumers’ new rights under the CCPA and provide guidance to businesses for how to comply.


Center for Internet Security, Inc.

CIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.


Control Objectives for Information and Related Technologies (COBIT)

Information and technology power today’s advances, and ISACA empowers IS/IT professionals and enterprises.


COPPA - Children's Online Privacy Protection Act

Websites that are collecting information from children under the age of thirteen are required to comply with Federal Trade Commission ( FTC ) Children’s Online Privacy Protection Act (COPPA).


Department of Homeland Security - Cyber - Infrastructure

CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.


Federal Information Security Modernization Act

The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government’s cybersecurity practices by:

  • Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
  • Amending and clarifying the Office of Management and Budget’s (OMB) oversight authority over federal agency information security practices; and by
  • Requiring OMB to amend or revise OMB A-130 to “eliminate inefficient and wasteful reporting.”


GCA Cybersecurity ToolKit for Small Businesses

The Global Cyber Alliance (GCA) has built this toolkit for small to medium-sized businesses to address the Center for Internet Security Controls (CIS Controls) which will enable business owners to significantly reduce the cyber risks they face every day.


General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR), the Data Protection Law Enforcement Directive and other rules concerning the protection of personal data


Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.


Health Insurance Portability and Accountability Act (HIPAA) / HITECH Omnibus Rule

It is the mission of the U.S. Department of Health & Human Services (HHS) to enhance and protect the health and well-being of all Americans. We fulfill that mission by providing for effective health and human services and fostering advances in medicine, public health, and social services.


Hoax-Slayer

The goal of the Hoax-Slayer Website is to help make the Internet a safer, more pleasant and more productive environment by:

  • Debunking email and Internet hoaxes
  • Thwarting Internet scammers
  • Educating web users about email and Internet security issues
  • Combating spam


International Organization for Standardization

ISO is an independent, non-governmental international organization with a membership of 164 national standards bodies.

Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.


National Institute of Standards and Technology - Cybersecurity

NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities.


NERC Critical Infrastructure Protection Standards (NERC CIP Standards)

The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the grid. NERC develops and enforces Reliability Standards; annually assesses seasonal and long‐term reliability; monitors the bulk power system through system awareness; and educates, trains, and certifies industry personnel. NERC’s area of responsibility spans the continental United States, Canada, and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system, which serves more than 400 million people.


Ohio Breach Law

Private disclosure of security breach of computerized personal information data.


Payment Card Industry Data Security Standard (PCI-DSS)

The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.


Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act of 2002 is mandatory. ALL organizations, large and small, MUST comply.


SBA - Small Business Cybersecurity

Cyber attacks are a growing concern for small businesses. Learn about the threats and how to protect yourself.


Stay Safe Online - Cybersecure My Business

The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.


The Family Educational Rights and Privacy Act of 1974 (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.


The Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP simplifies security for the digital age by providing a standardized approach to security for the cloud. FedRAMP facilitates the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT. The FedRAMP Program Management Office (PMO) mission is to promote the adoption of secure cloud services across the Federal Government by providing a standardized approach to security and risk assessment.