CS-3861


GLBA (U.S. Gramm-Leach-Bliley Act)

Also known as the Financial Services Modernization Act of 1999, relevant provisions include the Financial Privacy Rule and the Safeguards Rule, which require financial institutions to implement privacy and information security policies to safeguard the nonpublic personal information of clients and consumers.

GDPR (General Data Protection Regulation)

Applies to any organization that does business with E.U. citizens. It strengthens data protection for E.U. citizens and addresses the export of personal data outside the European Union.

PCI DSS (Payment Card Industry Data Security Standard)

Applies to any organization that transmits, processes, or stores payment card (such as debit and credit cards) information. PCI DSS is mandated and administered by the PCI Security Standards Council (SSC) comprising Visa, MasterCard, American Express, Discover, and JCB.

Endpoint

Although endpoints can include servers and network equipment, the term is generally used to describe end-user devices.

Software as a Service (SaaS)

Cloud computing service model in which the capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Business intelligence (BI) and business analytics software

Consists of tools and techniques used to surface large amounts of raw unstructured data from a variety of sources (such as data warehouses and data marts) (IBM Cognos, MicroStrategy, Oracle Hyperion, and SAP)

NERC-CIP

Defines cybersecurity standards to protect the physical and cyber assets necessary to operate the BES, the power grid, of the United States and Canada. The standards are mandatory for all BES-generating facilities, with different criteria based on a tiered classification system.

PIPEDA (Personal Information Protection and Electronic Documents Act)

Defines individual rights with respect to the privacy of their personal information, and governs how private sector organizations collect, use, and disclose personal information in the course of business.

CISA (U.S. Cybersecurity Information Sharing Act)

Enhances information sharing about cybersecurity threats by allowing Internet traffic information to be shared between the U.S. government and technology and manufacturing companies.

HIPAA (U.S. Health Insurance Portability and Accountability Act)

Establishes national standards to protect individuals' medical records and other personal health information. It requires appropriate safeguards for protected health information (PHI) and applies to covered entities and their business associates.

U.S. Federal Exchange Data Breach Notification Act of 2015

Further strengthens HIPAA by requiring health insurance exchanges to notify individuals whose personal information has been compromised as the result of a data breach as soon as possible, but no later than 60 days after breach discovery.

FISMA (U.S. Federal Information Security Modernization Act)

Known as the Federal Information Security Management Act prior to 2014, implements a comprehensive framework to protect information systems used in federal government agencies.

U.S. Cybersecurity Enhancement Act of 2014

Provides an ongoing, voluntary public-private partnership to improve cybersecurity and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness.

Customer Relationship Management (CRM)

Software used to manage an organization's customer (or client) information, including lead validation, past sales, communication and interaction logs, and service history. (Microsoft Dynamics CRM, Salesforce.com, SugarCRM, and ZOHO)

U.S. National Cybersecurity Protection Advancement Act of 2015

This act amends the Homeland Security Act of 2002 to enhance multi-directional sharing of information related to cybersecurity risks and strengthens privacy and civil liberties protections.

U.S. Sarbanes-Oxley (SOX) Act

This act was enacted to restore public confidence following several high-profile corporate accounting scandals, most notably Enron and WorldCom. It increases financial governance and accountability in publicly traded companies. Section 404 of this act specifically addresses internal controls, including requirements to safeguard the confidentiality, integrity, and availability of IT systems.

Accounting Software

Used to process and record accounting data and transactions such as accounts payable, accounts receivable, payroll, trial balances, and general ledger (GL) entries. (Intacct, Microsoft Dynamics AX and GP, NetSuite, Quickbooks, and Sage)

Content management systems (CMS) and enterprise content management (ECM) systems

Used to store and organize files from a central management interface, with features such as indexing, publishing, search, workflow management, and versioning (EMC Documentum, HP Autonomy, Microsoft SharePoint, and OpenText)

Zero Day Threat

Window of vulnerability that exists from the time a new (unknown) threat is released until security vendors release a signature file or security patch for the threat.

