CYB 333 Compliance Laws

FERPA (The Family Educational Rights and Privacy Act of 1974)

doesn't require that specific information security controls be implemented to protect student records

PCI Council

has two major priorities. The first priority is to assist merchants and financial institutions in understanding and implementing standards for security policies, technologies, and ongoing processes that protect their payment systems from breaches and theft of cardholder data. Its second priority is to help vendors understand and implement the PCI standards and requirements for ensuring secure payment solutions are properly implemented.

PII (Personal Identifiable Information)

information that you can use to uniquely identify an individual, includes names, addresses, Social Security and driver's license numbers, financial account information, health records, and credentials

The Federal Trade Commission (FTC) Safeguards Rule

requires a financial institution to create a written information security program that must state how the institution collects and uses customer data.

The main goal of SOX (Sarbanes-Oxley Act)

to protect investors from financial fraud. It supplements other federal securities laws. It applies to publicly traded companies that must register with the Securities and Exchange Commission

Visa, MasterCard, and other payment card vendors helped to create the

PCI DSS

Under HIPPA (Health Insurance Portability and Accountability Act of 1996),

a breach is any impermissible use or disclosure of unsecured PHI that harms its security or privacy. Protected health information (PHI) is any individually identifiable information about a person's health

The Gramm-Leach-Bliley Act (GLBA)

addresses the privacy and security of consumer financial information, ) applies to the financial activities of consumers

Under Federal Information Security Management Act (FISMA),

all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team (US-CERT)

PCI DSS (Payment Card Industry Data Security Standard)

an international standard for handling transactions involving payment cards. developed, publishes, and maintains the standard.

Sarbanes-Oxley Act (SOX) Section 404 REQUIRES

an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR)

HIPAA (Health Insurance Portability and Accountability Act of 1996)

applies specifically to health records