US Cybersecurity Federal Law


Computer Fraud and Abuse Act (CFAA)

  1. The Computer Fraud and Abuse Act is a US cyber security bill that was enacted in 1984.
  2. Federal Information Security Management Act of 2002 (FISMA)
  3. Federal Information Security Modernization Act of 2014 (FISMA 2014)

FISMA assigns specific responsibilities to federal agencies, NIST and the Office of Management and Budget (OMB) in order to strengthen information security systems.

----------------------------------------------------------------------------------------------------------------------------------------

General Data Protection Regulation (GDPR)

  • Compliance
  • Data protection
  • Personal Data

GDPR

The EU (European Union) GDPR came into effect on 25 May 2018 and presents the biggest change in data privacy in two decades. The legislation aims to give individuals located in the EU control back over their personal data and to simplify the regulatory environment for international business.

4% or €20M = Potential penalty for non-compliance per incident!

Five key GDPR obligations

  1. Rights of EU data subjects.
  2. Security of personal data.
  3. Consent.
  4. Accountability of compliance.
  5. Data protection by design and by default.

Data subject

An identified or identifiable living natural person.

Controller

Determines the purpose and means of processing of personal data.

Processor

Processes personal data on behalf of the controller.

Personal Data

Any information relating to a data subject.

Processing

Any operation performed on personal data (including storage and access) anywhere in the world.

The International Organization for Standardization (ISO) 27001

  • The ISO 27000 family of standards helps organizations keep information assets secure.
  • ISO/IEC 27001 is the best known standard in the family, providing requirements for an information security management system (ISMS). The standard provides requirements for establishing, implementing, maintaining and continually improving an information security management system.
  • Also becoming more common:
           ISO 27018 - Privacy
  • Others based on industry/application, e.g.:
           ISO 27017 - Cloud security
  • ISO 27001 certification can provide credibility to a client of an organization.
  • For some industries, certification is a legal or contractual requirement.
  • ISO develops the standards but does not issue certifications.
  • Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.
