
Compliance is adherence to the rules and regulations that govern the information you handle and the industry in which you operate. Regulatory compliance is adherence to the laws that apply to the industry in which you operate. Industry compliance is adherence to standards that are not mandated by law but that can nonetheless have severe impacts on your ability to conduct business.

Standards are often drawn from the Special Publications (SPs) series created by the US National Institute of Standards and Technology (NIST).

![[Pasted image 20231006144055.png]]

The two most common US government compliance standards are the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP); both are based on NIST SP 800-53.

The Health Insurance Portability and Accountability Act (HIPAA) protects the rights and data of patients in the US healthcare system. The Sarbanes-Oxley Act (SOX) regulates financial data, operations, and assets for publicly held companies. The Gramm-Leach-Bliley Act (GLBA) aims to protect information (such as personally identifiable information, PII) and financial data belonging to customers of financial institutions.

The Children's Internet Protection Act (CIPA) requires schools and libraries to prevent children from accessing obscene or harmful content over the Internet. The Children's Online Privacy Protection Act (COPPA) protects the privacy of minors younger than 13 by restricting organizations from collecting their PII and requiring them to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected. The Family Educational Rights and Privacy Act (FERPA) protects students' educational records.

The International Organization for Standardization (ISO) is a body created to set standards between nations. The ISO 27000 series covers information security standards such as the following:

![[Pasted image 20231006145454.png]]
![[Pasted image 20231006145522.png]]
![[Pasted image 20231006145530.png]]

Cloud Models

![[Pasted image 20231006145646.png]]

ITSec