Identification should include, but not be limited to
federal laws, regulations, policies/and or standards, including
Privacy Act of 1974
Electronic Communications Privacy Act of 1986 (ECPA)
Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
Cyber Security Information Sharing Act of 2015
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Telecommunications Act of 1996
Gramm-Leach-Bliley Act
Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley Act of 2002 (SOX)
international laws and standards, such as the
European Union (EU) directive on security of network and information systems (NIS Directive)
.
Process/Skill Questions:
How do cybersecurity laws relate to the CIA triad?
How do cybersecurity laws impact businesses?