Cyber Security Compliance — Latest Policies & Regulations

Wilson Consulting Group
4 min read · Aug 27, 2021

Cyber laws are constantly evolving as policymakers try to keep up with the latest technological advances. The latest cybersecurity laws include provisions designed to protect government and organizations against attacks, as well as safeguard citizen data.

Small organizations may be easier targets because they lack the resources or time to invest in cybersecurity. Small businesses are more likely to succumb to a significant hack and the related financial and legal fallout, and companies that handle sensitive information, such as healthcare providers, must invest in proper cybersecurity. Legislative and regulatory frameworks have been imposed by various government agencies and industry associations. Companies are also being encouraged to invest in cybersecurity to prevent theft of intellectual property and money laundering.

Cybersecurity Laws That Must Meet Global Requirements:

Global companies must tailor their cybersecurity measures to conform to international law in addition to state laws across the United States. Other countries have different security standards, and in many instances these standards require companies to replace their current security processes and systems. The European Union (EU) has issued several cybersecurity regulations for all European countries to follow, making it one of the most prominent examples of international cybersecurity law. All EU states must follow these regulations, which apply to every company that has a presence in the EU or does business with EU residents.

GDPR stands for General Data Protection Regulation, a set of data privacy regulations introduced by the EU in 2018 to harmonize data privacy laws across the continent. As a public policy measure, the GDPR aims to give individuals more control over their personal data and to simplify the regulatory environment for international businesses by harmonizing regulations within the EU. The Regulation applies to members of the European Union and the European Economic Area (EEA), as well as to the transfer of personal data outside of those zones. This means that any organization that collects data on or targets EU citizens is under the GDPR’s obligations, regardless of where it is located.

Cybersecurity Act of the European Union

Upon passage of the Cybersecurity Act, the European Network and Information Security Agency (ENISA) was given a permanent mandate. ENISA, founded in 2004, is the European Union agency responsible for cybersecurity. As part of its remit, the agency assists EU countries in navigating cybersecurity issues and provides guidelines and resources. The EU Cybersecurity Act also launched a cybersecurity certification framework, which offers cybersecurity guidelines.

Federal Laws for Cybersecurity:

In the finance and investment industries, several laws impose requirements on companies. A law may cover a company directly or indirectly: laws governing individuals often also affect the organizations that have agreements with those individuals. Companies need to implement security measures in order to comply with all applicable regulations, and those measures need to meet certain standards in order to be compliant. Below are details on the content and requirements of a few of these federal laws.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996. This law outlines standards for protecting patients’ sensitive medical information so that the entities involved in the healthcare sector can adhere to them. Business associates handling protected health information are also subject to HIPAA. You may want to consult a health law attorney if you are unsure whether HIPAA applies to your practice.

NYDFS Cybersecurity Regulation

Founded in 2017, the New York State Department of Financial Services (NYDFS) regulates various financial and related matters in the state of New York. Its regulations are varied and specific, and they require risk assessments and documentation. The regulation is aligned with industry best practices and the ISO/IEC 27001 standard.

FISMA (Federal Information Security Modernization Act of 2014)

The Federal Information Security Management Act was passed in 2002. It was then amended by the Federal Information Security Modernization Act (FISMA 2014) in 2014. Under the original law, cybersecurity was intended to be each federal agency’s responsibility. Nevertheless, the law extends to all organizations, including firms that do business with the government. The National Institute of Standards and Technology (NIST) sets the standards for compliance, and the NIST website offers a variety of resources for businesses seeking compliance.

CMMC

“CMMC” stands for the Cybersecurity Maturity Model Certification, which was introduced by the Department of Defense last year. Federal contractors previously only had to attest that they met all the necessary cybersecurity controls. At present, a company must handle CUI (controlled unclassified information) in order to fall under the requirement, but this has recently changed: DoD contractors will be required to obtain a third-party audit and certification by October 2020.

CCPA

In 2020, the California Consumer Privacy Act introduced several new standards for businesses operating in the state, including the nation’s first IoT (Internet of Things) law. A California company that generates at least $25 million in revenue each year, collects 500,000 users’ personal data, or makes at least half of its money from collecting consumer data is subject to the CCPA. Any business that collects or sells user information in California, regardless of where the company is located, is considered to be doing business in the state. The law has some specifics, but critics complain that it is not effective because it lacks specific penalties for nonconformance.

Complying with the law alone is likely not enough. System and process improvements should continue until a company is truly secure. To meet these security requirements, you should connect with our experts.

WCG is a global cybersecurity consulting firm that provides companies with solutions to keep their systems secure. To help you counter the threats you may face, we provide services such as Cyber Security Assessment, Penetration Testing, Application Security Assessment, and Vulnerability Assessment.


Wilson Consulting Group (WCG) is an innovative global cybersecurity consulting firm headquartered in Washington D.C., with a European office in London, England.