Identify laws/regulations applicable to cybersecurity.

Identification should include, but not be limited to

• federal laws, regulations, policies/and or standards
• Privacy Act of 1974
• Electronic Communications Privacy Act of 1986 (ECPA)
• Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
• Cyber Security Information Sharing Act of 2015 (CISA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Telecommunications Act of 1996
• Gramm-Leach-Bliley Act
• Family Educational Rights and Privacy Act (FERPA)
• Sarbanes-Oxley Act of 2002 (SOX)
  
  
• international laws and standards
• European Union [EU] directive on security of network and information systems (NIS Directive) Links to an external site.
• North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Links to an external site.
  
  
• manufacturing sector-specific standards (e.g., Chemical Facility Anti-Terrorism Standards (CFAT]) Links to an external site.

Process/Skill Questions:

• How do cybersecurity laws relate to the CIA triad?
• How do cybersecurity laws impact business?