Categories Topics
Description
Legal, Regulatory and Compliance

Overview
Over the past number of years, multiple state, federal and international regulations have been passed that require information protections.  Organizations must avoid breaches of such regulations by designing, operating and using information systems in accordance with regulatory, contractual and security standard requirements.

Guidelines
Organizations should identify applicable legislation that is relevant for data protections and ensure appropriate procedures are implemented to meet applicable requirements.  Policies and procedures must be developed and published to ensure compliance to regulatory requirements.

Numerous regulatory standards and guidelines have been developed that include data protection requirements to include:
  • HIPAA (Health Insurance Portability and Accountability Act of 1996) - for U.S. organizations in the Healthcare industry
  • Gramm-Leach-Bliley Act (GLBA) - for U.S. organizations in the Financial Services industry
  • New Basel Capital Accord (Basel II) - for International organizations in the Banking industry
  • Sarbanes-Oxley Act - for U.S. Publicly Traded companies
  • Critical Infrastructure Protection (CIP) Reliability Standards - for U.S. Energy and Utility Infrastructure
  • The Federal Information Security Management Act (FISMA) - for U.S. Federal Government systems
  • Personal Information Protection and Electronic Document Act - Canadian
    law relating to data privacy requirements in Canada
  • EU Data Protection Directive - regulates the processing of personal data within the European Union

To help meet these numerous, sometimes complex, regulatory and legal requirements, international standards have been developed for information security to include ISO/IEC 27001 (previously named 17779).  This standard outlines a comprehensive security framework that includes detailed security requirements and guidance for information security program and data protection.  In addition, more detailed standards and guidelines have been developed by the National Institute of Standards and Technology (NIST), to include SP 800-53.

Finally, a compliance program that can be facilitated via a periodic audit review process, should be established to ensure information systems and processes adhere to security standards and regulatory requirements.

For more information on applicable standards to address compliance requirements, please see Securezoo's Standards site.


Topic Category
Compliance
Information Security Program
 
News Articles
RAT author jailed for 30 months, ordered to hand over $725k worth of Bitcoinwww.tripwire.com10/18/2018
Equifax fined £500,000 over customer data breachwww.zdnet.com9/20/2018
The makers of the Mirai IoT-hijacking botnet are sentencedwww.tripwire.com9/19/2018
Four Healthcare IT Companies Warn PHO Put 800K Patients’ Data at Riskwww.tripwire.com7/17/2018
Lending Website Cites GDPR Concerns as Reason Why It Shut Downwww.tripwire.com4/30/2018
General Services Administration (GSA) Pointing to New IT Security Rules for Contractorswww.tripwire.com3/5/2018
SEC pursues dozens of companies in cryptocurrency ICO crackdownwww.zdnet.com3/2/2018
SEC Releases Updated Guidance For Cybersecurity Disclosuresecurityintelligence.com2/27/2018
German court says Facebook use of personal data is illegalwww.helpnetsecurity.com2/13/2018
Accused Brit hacker Lauri Love will NOT be extradited to Americawww.theregister.co.uk2/5/2018
Microsoft calls for 'new Digital Geneva Convention' after spate of high-profile cyberattackswww.cnbc.com1/26/2018
Man pleads guilty to launching DDoS attacks against former employerswww.zdnet.com1/18/2018
Smart-toymaker VTech fined over charges of violating child privacy lawnakedsecurity.sophos.com1/10/2018
UK Data Protection Bill Changes Would Help Protect Security Researcherswww.tripwire.com1/10/2018
FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'www.theregister.co.uk1/9/2018
VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Datawww.tripwire.com1/9/2018
CBP releases new guidelines on phone, laptop searches at US borderswww.helpnetsecurity.com1/8/2018
Uber says 2.7 MEEELLION(ish) UK users affected by hackwww.theregister.co.uk11/29/2017
EU's data protection bods join the party to investigate Uber breachwww.theregister.co.uk11/24/2017
Equifax spends $87.5 million on data breach, more expenses on deckwww.zdnet.com11/9/2017
Is the U.S. finally about to take IoT security seriously?www.networkworld.com10/31/2017
UK financial regulator confirms it is probing Equifax mega-breachwww.theregister.co.uk10/24/2017
Phone crypto shut FBI out of 7,000 devices, complains chief g-manwww.theregister.co.uk10/23/2017
Equifax Deserves the Corporate Death Penaltywww.wired.com10/20/2017
Hundreds of Russians Protest Tighter Internet Controlswww.securityweek.com8/27/2017
The British government plans to extend data protection laws to increase consumer rights and create new crimeswww.zdnet.com8/6/2017
New Bill Seeks Basic IoT Security Standardskrebsonsecurity.com8/1/2017
Citadel Author Sentenced to Five Years in Prisonwww.securityweek.com7/21/2017
Australia’s New Laws Would Force Tech Companies to Decrypt Messageswww.tripwire.com7/14/2017
Illinois poised to ban geolocation tracking without consentnakedsecurity.sophos.com7/5/2017
UK Parliament launches inquiry into NHS WannaCrypt outbreakwww.theregister.co.uk7/5/2017
Anthem ready to pay $115 million to settle data breach lawsuitwww.helpnetsecurity.com6/26/2017
ECB to force all Eurozone banks to report cyber-security breacheswww.scmagazine.com6/20/2017
Trump signs law allowing ISPs to sell your browsing historywww.zdnet.com4/4/2017
UK official wants police access to WhatsApp messageswww.computerworld.com3/27/2017
Author of Citadel malware, used to steal $500 million from bank accounts, pleads guiltywww.tripwire.com3/23/2017
Justice Dept. charges four Russia-backed hackers over Yahoo breachwww.zdnet.com3/15/2017
US telecoms regs bow to ISPs, customers no longer federally protectedwww.scmagazine.com3/10/2017
Yahoo Agrees to $80 Million Settlement Over Data Breacheswww.tripwire.com3/9/2017
Howard Schmidt’s Legacy of Service Rememberedthreatpost.com3/3/2017
SEC probing Yahoo over previously disclosed cyber breach: Filingwww.cnbc.com1/23/2017
FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'www.theregister.co.uk1/10/2017
The FTC IoT security case against D-Link is a test of powerwww.computerworld.com1/6/2017
Britain has passed the 'most extreme surveillance law ever passed in a democracy'www.zdnet.com11/17/2016
WhatsApp Blasted by EU Data Protection Group Over Facebook Sharingthreatpost.com10/31/2016
Feds: It's legal to demand fingerprints to unlock phones of everyone in a buildingwww.computerworld.com10/17/2016
ICO boss calls for EU-style data protection rules post-Brexitwww.theregister.co.uk10/3/2016
Apple claims giving Australian banks negotiation rights will undermine customer securitywww.zdnet.com8/30/2016
Ransomware Incidents at Health Organizations Are Now Classified as a Data Breachwww.tripwire.com7/25/2016
Big Privacy Ruling Says Feds Can’t Grab Data Abroad With a Warrantwww.wired.com7/14/2016
State Dept. crippled by cyber practices, inconsistent messaging from U.S. agencieswww.scmagazine.com7/11/2016
Russia's Duma approves bill requiring decryption backdoorswww.scmagazine.com6/28/2016
China moves closer to passing controversial cybersecurity lawwww.cnbc.com6/27/2016
U.S. court rules that FBI can hack into a computer without a warrantwww.computerworld.com6/24/2016
A Texas Jury’s Guilty Verdict Should Worry IT Adminswww.wired.com6/13/2016
FBI may soon be allowed to hack computers anywhere in the worldwww.zdnet.com4/29/2016
Way to Go, FCC. Now Manufacturers Are Locking Down Routerswww.wired.com3/23/2016
The Feds Are Prepping Strict Rules to Protect Your Online Privacywww.wired.com3/14/2016
WhatsApp Encryption Said to Stymie Wiretap Orderwww.cnbc.com3/12/2016
Microsoft's top lawyer defends encryption and Applewww.networkworld.com3/4/2016
AT&T, Verizon call for federal action on encryption policywww.computerworld.com3/3/2016
France could fine Apple $1m for each iPhone it fails to unlockwww.zdnet.com3/2/2016
Apple and FBI Take Their iPhone Hacking Fight to Congresswww.wired.com3/1/2016
Tim Cook defends Apple's refusal to help the FBI in new interviewwww.networkworld.com2/26/2016
Privacy Shield is here, now orgs., lawmakers must take actionwww.scmagazine.com2/4/2016
New York tries to force phone makers to put in crypto backdoorsnakedsecurity.sophos.com1/15/2016
Dutch Government Embraces Encryption, Denounces Backdoorsthreatpost.com1/5/2016
Microsoft pledges to inform users of state surveillance, account hackingwww.zdnet.com12/31/2015
Judge Rules Kim Dotcom Can Be Extradited to US to Face Chargeswww.wired.com12/22/2015
Congress Slips CISA Into a Budget Bill That’s Sure to Passwww.wired.com12/18/2015
In wake of Paris attacks, legislation aims to extend NSA programwww.computerworld.com11/18/2015
Judge Blocks NSA Spying and Sets an Important Precedentwww.wired.com11/10/2015
Safe Harbor ruled invalidwww.scmagazine.com11/2/2015
Court will allow NSA surveillance during 180-day transition to USA Freedomwww.scmagazine.com10/30/2015
CISA Security Bill Passes Senate With Privacy Flaws Unfixedwww.wired.com10/27/2015
Congress aims to regulate car privacy, make hacks illegalwww.computerworld.com10/15/2015
Encryption puts terrorists beyond the reach of law, says MI5 chiefwww.zdnet.com9/17/2015
DOJ issues new 'stingray' policies and begins requiring a warrantwww.scmagazine.com9/4/2015
Google, the Wassenaar Arrangement, and vulnerability researchgoogleonlinesecurity.blogspot.com7/20/2015
US tech appeals to Obama to keep hands off encryptionwww.cnbc.com6/9/2015
Yahoo to Face Privacy Class-Action Lawsuit Over Scanned Emailswww.tripwire.com5/28/2015
New York State to Propose New Banking Regulations by Year Endbusinessinsights.bitdefender.com5/27/2015
NEWS ALERT: Senate blocks USA PATRIOT Act reauthorizationwww.scmagazine.com5/23/2015
NSA metadata collection is illegal, rules US courtnakedsecurity.sophos.com5/8/2015
Court’s Reversal Leaves Phones Open to Warrantless Trackingwww.wired.com5/5/2015
House Passes Cybersecurity Bill Despite Privacy Protestswww.wired.com4/22/2015
FCC fines AT&T $25M for call center breacheswww.scmagazine.com4/8/2015
New Obama Order Allows Sanctions Against Foreign Hackerswww.wired.com4/1/2015
PCI Council updates penetration testing guidance for merchantswww.scmagazine.com3/30/2015
Obama administration seeks additional authority to combat botnetswww.scmagazine.com3/16/2015
80% of merchants fail on card security compliancewww.cnbc.com3/11/2015
Say hello to net neutrality - FCC votes to "protect the open internet"nakedsecurity.sophos.com2/27/2015
Obama's cybersecurity plan: Share a password, click a link, go to prison as a hackerwww.computerworld.com1/21/2015
Over 90 percent of data breaches in first half of 2014 were preventablewww.zdnet.com1/21/2015
Hold data on EU citizens? Check if you'll be compliant with the new Data Protection Regulationnakedsecurity.sophos.com1/16/2015
Barack Obama calls for stricter data privacy, disclosure lawsnakedsecurity.sophos.com1/13/2015
Obama aims to tighten laws on data hacking and student privacywww.computerworld.com1/12/2015
Landmark HIPAA settlement confirms push to firm up patching scheduleswww.scmagazine.com12/17/2014
Banks Get Green Light in Target Breach Suitsthreatpost.com12/5/2014
UN moves to strengthen digital privacywww.zdnet.com11/26/2014
PCI Council looks to stem data breaches after bad yearwww.computerworld.com11/17/2014
Oops! Health Insurer Exposes Member Databits.blogs.nytimes.com11/10/2014
Hackers who threaten national security could face life sentencesnakedsecurity.sophos.com10/24/2014
Report: After Chase disclosure, bank regulator rallies execs to shore up defenseswww.scmagazine.com10/6/2014
The Criminal Indictment That Could Finally Hit Spyware Makers Hardwww.wired.com10/1/2014
Europe's watchdogs give Google a shopping list of how to sort out privacywww.zdnet.com9/25/2014
Google and Apple Won’t Unlock Your Phone, But a Court Can Make You Do Itwww.wired.com9/22/2014
An Alliance of Major Players to Guide Open-Source Softwarebits.blogs.nytimes.com9/15/2014
Microsoft refuses to hand over foreign data, held in contempt of courtwww.zdnet.com9/10/2014
Smartphone 'kill switch' law passes in Californiawww.cnbc.com8/12/2014
Senate subcommittee looks to stop botnet threatwww.scmagazine.com7/16/2014
FCC to push network providers on cybersecuritywww.computerworld.com6/12/2014
After PCI DSS issues, LifeLock removes Wall mobile appwww.scmagazine.com5/19/2014
Regulators Planning Cybersecurity Assessments for Banksthreatpost.com5/12/2014
Bill would restrict Calif. retailers from storing certain payment datawww.scmagazine.com4/18/2014
Snowden’s Email Provider Loses Appeal Over Encryption Keyswww.wired.com4/16/2014
Snowden’s Email Provider Loses Appeal Over Encryption Keyswww.wired.com4/16/2014
NSA searched U.S. calls, emails without warrant, U.S. intelligence chief admitswww.zdnet.com4/1/2014
New Mexico breach notification bill goes to the Housewww.scmagazine.com3/26/2014
Microsoft touts study showing the cost of pirated softwarenews.cnet.com3/19/2014
South Korea punishes three credit card firms over data heistnakedsecurity.sophos.com2/18/2014
Judges Poised to Hand U.S. Spies the Keys to the Internetwww.wired.com2/3/2014
Gov't watchdog calls NSA's call records collection illegalnews.cnet.com1/23/2014
Judge Enforces Spy Orders Despite Ruling Them Unconstitutionalwww.wired.com1/23/2014
Europe MPs: Time to change our data-sharing policy with US firmswww.theregister.co.uk1/10/2014
Top state attorneys scrutinize Target data breachnews.cnet.com12/23/2013
Court Says NSA Bulk Telephone Spying Is Unconstitutionalwww.wired.com12/16/2013
Cardslurping kingpin caged for 18 years over Carderplanet forumwww.theregister.co.uk12/13/2013
Privacy advocates blast AT&T's alleged sale of info to CIAnews.cnet.com12/11/2013
Google’s Book-Scanning Is Fair Use, Judge Rules in Landmark Copyright Casewww.wired.com11/14/2013
AOL Smacks Startup for Using CrunchBase Content It Gave Awaywww.wired.com11/5/2013
Apple privacy report details government queriesnews.cnet.com11/5/2013
Legislation Unveiled to Bar NSA’s Bulk Phone Metadata Collectionwww.wired.com10/29/2013
Feds Sued for Hiding NSA Spying From Terror Defendantswww.wired.com10/17/2013
French could serve up fines to Google for privacy violationnews.cnet.com9/27/2013
Congress unveils bill to limit NSA's powersnews.cnet.com9/26/2013
JP Morgan to fork out $4B to improve compliance, risk managementwww.zdnet.com9/13/2013
Secret Spy Court Demands Surveillance Transparency From Fedswww.wired.com9/13/2013
Government to Release Hundreds of Documents Related to NSA Surveillancethreatpost.com9/5/2013
FTC and TrendNet settle claim over hacked security camerasnews.cnet.com9/4/2013
Feds Back Away From Forced Decryption … For Nowwww.wired.com8/27/2013
Stern new data breach reporting requirement takes hold in EUwww.scmagazine.com8/26/2013
IP Cloaking Violates Computer Fraud and Abuse Act, Judge Ruleswww.wired.com8/20/2013
Snowden, Manning not whistleblowers: Australian attorney-generalwww.zdnet.com8/13/2013
Australian govt could back Merkel data protection agreementwww.zdnet.com7/23/2013
Hollywood hospital fires six for snooping into patient recordsnakedsecurity.sophos.com7/16/2013
New draft cybersecurity law: US Senate hits ctrl-alt-del, rebootwww.theregister.co.uk7/12/2013
Breach notification stick needs to be balanced with carrotwww.zdnet.com7/12/2013
Some US states strengthen data breach notification laws, others ignore themnakedsecurity.sophos.com7/9/2013
Hack biz rivals or hire cyber-warriors and we'll shut you down, warns EUwww.theregister.co.uk7/9/2013
EU increases penalties for cybercriminals and hackersnews.cnet.com7/4/2013
Digital Agenda: New specific rules for consumers when telecoms personal data is lost or stolen in EUeuropa.eu6/25/2013
Apple received thousands of personal data requests from U.S.www.computerworld.com6/17/2013
EU to vote on harsher penalties for hackersnakedsecurity.sophos.com6/11/2013
US to freeze assets of hackers, throw them out of the countrywww.zdnet.com6/7/2013
Decryption disclosure doesn't violate Fifth Amendment, judge rules in child porn casewww.computerworld.com5/30/2013
Wyndham Hotels court battle over FTC data security authority heats up againwww.scmagazine.com5/29/2013
Idaho State University to pay HHS $400K after investigation reveals shoddy securitywww.scmagazine.com5/23/2013
Legislators: Electric Utilities Dragging Heels on Cybersecurity Mitigationsthreatpost.com5/22/2013
The PCI Security Standards Council (PCI SSC) Publishes Card Production Security Requirementswww.pcisecuritystandards.org5/9/2013
CISPA passes House amid continued concerns over inadequate privacy safeguardswww.scmagazine.com4/18/2013
House Intelligence Committee OKs amended version of controversial CISPAwww.scmagazine.com4/10/2013
CISPA voting session slated for this weekwww.zdnet.com4/8/2013
Retailer Sues Visa Over $13 Million ‘Fine’ for Being Hackedwww.wired.com3/12/2013
IT security managers too focused on compliance, experts saywww.computerworld.com3/1/2013
'Copyright Alert System' rolls out to catch illegal downloadersnews.cnet.com2/25/2013
Obama cybersecurity order lacks bite, security experts saywww.computerworld.com2/13/2013
EU: We'll force power plants, Apple and pals to admit hack attackswww.theregister.co.uk2/8/2013
'Cyber 9/11' may be on horizon, Homeland Security chief warnsnews.cnet.com1/25/2013
Bank regulatory body proposes social media guidancewww.scmagazine.com1/24/2013
U.S. Health Department unveils new HIPAA ruleswww.scmagazine.com1/22/2013
Congressman touts draft bill aimed at mobile app privacynews.cnet.com1/17/2013
Business Roundtable backs CISPA approach to cybersecuritywww.computerworld.com1/10/2013
Obama's CIA nominee an advocate for federal cybersec regulationswww.computerworld.com1/7/2013
Feds step up HIPAA enforcement with hospice settlementwww.scmagazine.com1/7/2013
New laws keep employers out of worker social media accountswww.computerworld.com1/4/2013
Record 5-Year Prison Term Handed to Convicted File Sharerwww.wired.com1/3/2013
Senate Approves Warrantless Electronic Spy Powerswww.wired.com12/28/2012
Using the cloud – UK companies unaware of their data responsibilitywww.infosecurity-magazine.com12/12/2012
When is a patent too abstract? Google and Facebook weigh into key software casewww.zdnet.com12/10/2012
California sues Delta Airlines for lack of mobile app privacy policywww.computerworld.com12/6/2012
Small Medical Offices Biggest Risk to Patient Data Security, Privacythreatpost.com12/5/2012
FTC bars advertising firm from sniffing browser historieswww.computerworld.com12/5/2012
Clueless officials hamper cybersecurity law-makingwww.zdnet.com11/30/2012
US, European agencies seize 132 domain names for selling counterfeit merchandisewww.computerworld.com11/26/2012
MoneyGram Fined $100 Million for Wire Fraudkrebsonsecurity.com11/19/2012
Court OKs warrantless use of hidden surveillance camerasnews.cnet.com10/30/2012
Ten Ways To Secure Web Data Under PCIwww.darkreading.com10/29/2012
Attorneys Warn of Increased Risk of Big Data Breach Lawsuitsthreatpost.com10/25/2012
CIOs Should Get to Know Their Chief Legal Officerswww.csoonline.com9/28/2012
Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweepkrebsonsecurity.com9/13/2012
Senate blocks Cybersecurity Actwww.zdnet.com8/2/2012
Cyber Command chief urges action on information-sharing legislationthehill.com7/9/2012
Senators introduce guidelines bill for data security breachesthehill.com6/22/2012
High Court to Hear Warrantless Eavesdropping Challengewww.wired.com5/21/2012
McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Netwww.wired.com2/16/2012
Final phase of Mass. data protection law kicks in March 1www.computerworld.com1/25/2012
EU proposes 'right to be forgotten' by internet firmswww.bbc.co.uk1/23/2012
Senators change sides on SOPA/PIPA issuewww.scmagazine.com1/18/2012
NHS worker fined £500 for illegally accessing health recordswww.v3.co.uk1/12/2012
Apple reportedly putting DMCA squeeze on App Store piratesarstechnica.com1/4/2012
Surveillance Law Upheld While Lawsuit Allowed to Proceedwww.businessweek.com12/30/2011
Don't Break the Internetwww.stanfordlawreview.org12/20/2011
Verizon-Supported Cybersecurity Bill Advances in U.S. Housewww.bloomberg.com12/1/2011
Major software group backs off support for controversial online piracy billthehill.com11/21/2011
Senator Promises To Filibuster Internet Blacklisting Billwww.wired.com11/21/2011
Centers for Medicare & Medicaid Services’ Office of E-Health Standards and Services Announces 90-Day Period of Enforcement Discretion for Compliance with New HIPAA Transaction Standardswww.cms.gov11/17/2011
Reid to Move on Senate Cybersecurity Measure in Early 2012www.bloomberg.com11/17/2011
Arts groups tell BT to block access to The Pirate Baywww.bbc.co.uk11/4/2011
Warner Bros: we issued takedowns for files we never saw, didn't own copyright toarstechnica.com11/1/2011
Feds to Blacklist Piracy Sites Under House Proposalwww.wired.com10/26/2011
Federal cyber rules halt LAPD's move to Google Appswww.nextgov.com10/26/2011
Comcast No Longer Choking File Sharers’ Connections, Study Sayswww.wired.com10/21/2011
White House Orders New Computer Security Ruleswww.nytimes.com10/6/2011
DHS, Commerce seek voluntary cyber code of conductwww.federalnewsradio.com10/5/2011
U.S. Signs International Anti-Piracy Accordwww.wired.com10/3/2011
Lawmakers want investigation of supercookieswww.computerworld.com9/27/2011
France's derisory online piracy strategywww.guardian.co.uk12/31/2010
White Papers
SANS Health Care Cyberthreat Reportpages.norse-corp.com2/19/2014
Standards
NERC Critical Infrastructure Protection (CIP) StandardsNERC5/9/2012
Summary of the HIPAA Privacy RuleHIPAA8/14/2002
PCI Card Production Logical Security Requirements v1.0PCI5/9/2013
PCI Card Production Physical Security Requirements v1.0PCI5/9/2013
Information Supplement: PCI DSS Mobile Payment GuidelinesPCI2/14/2013