¶¶ÒõÊÓƵ

Sarbanes-Oxley Act (SOX): Federal law requiring financial reporting and internal controls requirements, including IT security controls documentation and testing

Health Insurance Portability and Accountability Act (HIPAA): Federal healthcare law mandating data security and privacy requirements, including regular security assessments for protected health information

Gramm-Leach-Bliley Act (GLBA): Federal law for financial institutions requiring data protection and regular security testing requirements

Federal Information Security Management Act (FISMA): Federal law establishing information security standards for federal agencies and requiring continuous monitoring requirements

NIST Cybersecurity Framework: Industry standard providing security assessment guidelines and risk management approaches

ISO 27001/27002: International standard for information security management, including audit requirements and procedures

Payment Card Industry Data Security Standard (PCI DSS): Industry standard for organizations handling payment card data, requiring security assessment and regular testing of security systems

State Data Breach Notification Laws: Various state-specific laws requiring notification of affected parties in case of data breaches

California Consumer Privacy Act (CCPA): State-specific privacy law example providing comprehensive consumer data protection requirements

NY Department of Financial Services (NYDFS) Cybersecurity Regulation: State-specific regulation example requiring financial institutions to implement comprehensive cybersecurity programs