legal

  1. SOX
    Sarbanes-Oxley Act of 2002. Protects investors by requiring accurate corporate financial reporting and internal controls over the systems that produce it
  2. DMCA
    Digital Millennium Copyright Act of 1998. Legal protection for copyrighted material, including a ban on circumventing access controls (DRM)
  3. ISO/IEC 27001:2013
    Specifies the requirements for an information security management system (ISMS); the certifiable standard in the family, focused on security governance and risk management
  4. 27000-family
    Family of ISO/IEC standards for information security management, covering the security of information assets
  5. FITARA
    Federal Information Technology Acquisition Reform Act, enacted as part of the FY2015 NDAA (December 2014). Governs how federal agencies plan, budget for and purchase IT, giving agency CIOs authority over IT acquisition
  6. FISMA
    Federal Information Security Management Act of 2002, amended by the Federal Information Security Modernization Act of 2014. Requires every federal agency to run an information security program that meets NIST standards
  7. NIST SP 800-53
    Catalog of security and privacy controls for federal information systems, published by NIST to help agencies implement FISMA (first released 2005; Revision 4 published 2013)
  8. NIST SP 800-30
    Guide for Conducting Risk Assessments (Revision 1, 2012): identify threats and vulnerabilities, determine likelihood and impact, and rate risk
  9. OSSTMM Interactive controls
    Authentication, Indemnification, Resilience, Subjugation, Continuity
  10. OSSTMM Process Controls
    Nonrepudiation, Confidentiality, Privacy, Integrity, Alarm
  11. PCI-DSS
    Payment Card Industry Data Security Standard; its 12 requirements:
    • req1: install and maintain a firewall configuration to protect cardholder data
    • req2: do not use vendor-supplied defaults for system passwords and other security parameters
    • req3: protect stored cardholder data
    • req4: encrypt transmission of cardholder data across open, public networks
    • req5: protect all systems against malware and keep antivirus software updated
    • req6: develop and maintain secure systems and applications
    • req7: restrict access to cardholder data by business need to know
    • req8: identify and authenticate access to system components (assign a unique ID to each user)
    • req9: restrict physical access to cardholder data
    • req10: track and monitor all access to network resources and cardholder data
    • req11: regularly test security systems and processes
    • req12: maintain a policy that addresses information security for all personnel
  12. GLBA
    Gramm-Leach-Bliley Act of 1999. Requires financial institutions to protect customers' nonpublic personal financial data and disclose how it is shared
  13. FERPA
    Family Educational Rights and Privacy Act of 1974. Protects the privacy of student educational records
  14. ISO 27002
    Code of practice that outlines best practices for implementing the security controls listed in ISO 27001 (guidance, not a certifiable standard)
  15. COBIT
    Control Objectives for Information and Related Technologies (ISACA). IT governance and management framework
  16. ITIL
    Information Technology Infrastructure Library. Operational framework for IT service management
Author
Phoenixelijah