State-level data protection laws are becoming more common in the United States. These states have laws that govern minimum cybersecurity requirements:
|
California |
Massachusetts |
Minnesota |
Nevada |
Oregon |
Washington |
|
|
|
|
|
|
|
| CA SB1386 | MA 201CMR17.00 | Plastic Card Security Act | NV SB227 | OR ORS646.200 | WA HB1149 |
Why should you take these state-level Information Security laws seriously? The reason is simple: A single negligent breach can close your business forever, because liability insurance will not cover professional negligence. Without the ability to prove steps were taken to ensure due care and due diligence were applied to your business operations, you may be considered negligent in a lawsuit. Additionally, Information Security policies are a tool that you can use to enforce proper conduct by your employees.
Secure Controls Framework (SCF)
Secure Controls Framework (SCF) "Premium Content" - Expertise-Class Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video This short product walkthrough video is designed to give a brief overview about...
Determining the scope of controls (e.g., assessment boundary) is different than determining control...
As a Chief Information Security Officer (CISO) or cybersecurity director, it is likely that you been...
The release of the Cybersecurity & Data Protection Assessment Standards (CDPAS) is important to the...
There is a "materiality ecosystem" that exists within modern cybersecurity risk management discussio...
