Rules and guidance for security, integrity, and confidentiality of information and operations, including privacy guidelines that indicate broad-reaching data management practices.
An architectural framework for privacy practices, including technological and non-technical components and a roadmap for privacy policy development and enforcement.
Aimed at accountants and accountancies, this framework incorporates elements of the OECD privacy guidelines, HIPAA, GLBA, PIPEDA, and other international rules and regulations.
HITECH Act - Health Information Technology for Economic and Clinical Health Act. Guidance relates to two forthcoming breach notifications - one to be issued by HHS for (HIPAA) covered entities and their business associates and one to be issued by the Fede ...
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, an ...
Practical (draft) guidance on IT principles and practices to support HIPAA privacy and information security standards.
Federal guidance for US financial services firms on risks and risk management controls necessary to authenticate the identity of customers accessing Internet-based services.
Information security professionals traditionally had difficulty trying to justify their existence. IT security staff agree there should be some security controls in place, but trying to validate a defense in depth approach is difficult. Organizations ha ...
This book provides guidance on the implementation of ISMS control requirements for auditing existing control implementations to help organizations preparing for certification in accordance with ISO/IEC 27001:2005 Information security management systems. R ...
The British Standard, BS10012 Data protection. Specification for a personal information management system has been developed to establish best practice and aid compliance with data protection legislation. It is the first standard for the management of per ...
BS ISO/IEC 27000 aims to provide the terms and definitions, and an introduction to the ISMS family of standards that: * Define requirements for an ISMS and for those certifying such systems * Provide direct support, detailed guidance and/or in ...
Regulation of unfair and deceptive acts and practices in connection with the collection and use of personal information from and about children on the Internet.
A set of key security outcome and practice metrics developed by a team of more than 150 government, private, and academic experts. Metrics cover the following business functions: * Application Security o Number of Applications ...
Requirements for the identification and documentation of Critical Cyber Assets through the application of a risk-based assessment. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
A survey of existing and proposed global regulations related to cryptography, including a map of import, export, and domestic controls and a crypto and self-incrimination FAQ.
Federal regulation covering requests for and disclosure of information retained by the US Government.
Standard for the identification and protection of an electronic security perimeter(s). Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
EU regulation covering the protection of individuals with regard to the processing of personal data and the free movement of such data.
The FTC Health Breach Notification Rule requires companies to contact customers, the FTC, and the media in the event of a security breach. The rule applies only to health information that is not secured through technologies specified by the Department of ...
Guidance on assessing and redressing privacy risks, aimed at internal auditors and managers. Includes abstracts of key privacy frameworks and guidance on privacy assessments.
Guidance for the assessment of vulnerability management practices, including specific managerial recommendations. Developed for audit executives and internal auditors.
General guidance for internal auditors and management on identity and access management (IAM) concepts, processes, and audit.
US law for financial institutions covering 1) requirements for the protection of nonpublic personal information, 2) limitations and customer rights related to disclosure of personal information, and 3) requirements for clear and conspicuous disclosure of ins
International guidance enumerating minimum guarantees that governments should make regarding the collection, retention, and use of personal electronic information.
A US regulatory standard for the protection of protected health information, including use and disclosure of health information, and standards for individual rights to control how health information is used.
A US national standard covering administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information.
Standard for the identification, classification, response, and reporting of Cyber Security Incidents related to Critical Cyber Assets. Part of the NERC CIP cybersecurity framework for the protection of the US Bulk Electric System.
A chapter of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) providing guidance to examiners and financial institutions on audit roles and responsibilities. General action indication ...
The IT Security EBK conceptualizes IT security skill requirements in a new way to address evolving IT security challenges. The EBK characterizes the IT security workforce and provides a national baseline representing the essential knowledge and skills tha ...
An overview of IT security measurements and metrics written for non-experts. Emphasis on organizational safeguards and illustrating threats through practical examples.
A substantive presentation describing definition, sourcing, application, interpretation, testing, cost effectiveness, calibration, and use of security measurement in a risk context. The presentation also provides insights on related concepts, such as st ...