¶¶Òõ¶ÌÊÓƵ

FISMA: Federal Information Security Management Act - Provides a framework for protecting government information, operations, and assets against natural or human threats

GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive customer data

HIPAA: Health Insurance Portability and Accountability Act - Sets national standards for the protection of individuals' medical records and other personal health information

SOX: Sarbanes-Oxley Act - Requires public companies to establish internal controls and procedures for financial reporting, including IT systems security

FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices affecting commerce, including inadequate cybersecurity measures

CFAA: Computer Fraud and Abuse Act - Addresses computer-related crimes and unauthorized access to protected computers and networks

ECPA: Electronic Communications Privacy Act - Extends government restrictions on wire taps to include transmitted electronic data

COPPA: Children's Online Privacy Protection Act - Imposes requirements on operators of websites or online services directed to children under 13

State Data Breach Laws: Individual state laws requiring organizations to notify individuals of security breaches involving personally identifiable information

CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - Provides California residents with rights regarding their personal information and imposes obligations on businesses

NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for NY residents' private information

VCDPA: Virginia Consumer Data Protection Act - Provides Virginia residents rights over their personal data and requires businesses to comply with security requirements

CPA: Colorado Privacy Act - Provides Colorado residents with data privacy rights and imposes obligations on businesses processing personal data

NIST Cybersecurity Framework: Voluntary framework of computer security guidance for private sector organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks

ISO 27001/27002: International standards that provide requirements and guidelines for establishing, implementing, maintaining, and continually improving an information security management system

CIS Controls: A set of 18 prioritized safeguards to mitigate the most prevalent cyber-attacks against systems and networks

PCI DSS: Payment Card Industry Data Security Standard - Security standards designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment

SEC Cybersecurity Requirements: Securities and Exchange Commission requirements for public companies to disclose material cybersecurity risks and incidents

NY DFS Cybersecurity Regulation: New York Department of Financial Services cybersecurity regulation requiring financial institutions to establish and maintain cybersecurity programs