tiktok���˰�

FISMA: Federal Information Security Management Act - Requires federal agencies and their contractors to develop and implement information security programs and risk assessments

GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data

HIPAA: Health Insurance Portability and Accountability Act - Establishes standards for protecting sensitive patient health information and requires regular risk assessments

SOX: Sarbanes-Oxley Act - Requires public companies to establish internal controls and procedures for financial reporting, including IT systems security

FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices in commerce, including inadequate cybersecurity measures

COPPA: Children's Online Privacy Protection Act - Imposes requirements on operators of websites or online services directed to children under 13

NIST SP 800-30: NIST Special Publication providing detailed guidance on conducting risk assessments for federal information systems

NIST CSF: NIST Cybersecurity Framework - Voluntary guidance for private sector organizations to better manage and reduce cybersecurity risk

ISO 27001/27005: International standards for information security management systems and risk management

COBIT: Control Objectives for Information and Related Technologies - Framework for IT governance and management

PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations handling credit card data

State Breach Laws: Various state-specific laws requiring notification of security breaches involving personal information

CCPA: California Consumer Privacy Act - Comprehensive state-level privacy law affecting businesses operating in California

NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for protecting private information

Industry Regulations: Sector-specific regulations that may impose additional security requirements based on industry type

GDPR Considerations: EU General Data Protection Regulation implications if handling data of EU residents

Contractual Obligations: Security requirements specified in contracts with clients, vendors, and business partners

Insurance Requirements: Security controls and assessments required by cyber insurance policies and providers