Legal and Compliance Terms

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Legal and compliance terms.
00:00
In this lesson, we want to talk about
00:00
the differences between laws,
00:00
regulations, standards, and frameworks.
00:00
We're going to talk about which of these concepts
00:00
actually has penalties for non-compliance,
00:00
and then we want to talk about
00:00
briefly the impact of laws,
00:00
regulations, standards, and frameworks in the Cloud.
00:00
In the course of many people's lives,
00:00
they may have heard the notion of laws,
00:00
interacted with the legal system,
00:00
or understood regulations.
00:00
However, we want to make the distinctions amongst
00:00
these terms very clear
00:00
and explicit because they have different meanings,
00:00
and they have different implications as a result.
00:00
Laws, first and foremost,
00:00
are requirements that are passed by governing bodies.
00:00
The legislature, or
00:00
Parliament of a country gets together and
00:00
votes and ensconces the set of requirements,
00:00
or penalties, into a country's legal code.
00:00
Regulations are the rules created
00:00
by government agencies.
00:00
A law may exist that says,
00:00
you must protect health care information.
00:00
But then a particular agency within the government may
00:00
create many of the specific
00:00
rules for enacting that law.
00:00
Those are referred to as regulations.
00:00
In the United States,
00:00
financial services and the protection of
00:00
financial data is regulated
00:00
by the Securities and Exchange Commission, the SEC.
00:00
Violations of that need to be reported to the SEC.
00:00
Some of these laws and
00:00
regulations can impact organizations
00:00
in the Cloud or in general,
00:00
because there are fines associated
00:00
with these violations,
00:00
and then some violations,
00:00
if they are severe enough,
00:00
can actually result in jail time.
00:00
Standards are usually created
00:00
by companies within a specific industry,
00:00
and these standards represent
00:00
reasonable levels or formats.
00:00
They really represent the minimum standard
00:00
when it comes to best practices.
00:00
Now, there are internal standards within your company.
00:00
These are your policies that
00:00
set the minimum standards for security,
00:00
and appropriate handling of information,
00:00
and then there are external standards.
00:00
One we'll go into later,
00:00
is the Payment Card Industry Standard.
00:00
This regulates how credit card information is
00:00
processed and protected in the United States,
00:00
and this standard is not enforced by a government.
00:00
However, the payment card industry has
00:00
its own body of enforcement
00:00
and auditing to ensure that its standards are met.
00:00
Then there are frameworks.
00:00
Frameworks are really useful models for
00:00
implementing regulations or standards.
00:00
We will go into some frameworks that
00:00
help implement many regulations within the Cloud,
00:00
and these are ways that companies can think
00:00
about how to map the regulations on
00:00
to their particular business model and protect
00:00
their data in an easier way
00:00
than just going regulation by regulation.
00:00
Quiz question. Which of the following does not have
00:00
defined legal penalties for failure to comply?
00:00
Laws, standards, or regulations.
00:00
Maybe you said standards, that's correct.
00:00
Although standards may have penalties,
00:00
for example, we use the payment card industry,
00:00
they're not written into law in the way that
00:00
laws and the consequential regulations
00:00
that government agencies create are.
00:00
In summary, we talked about the
00:00
distinction between laws,
00:00
regulations, standards, and frameworks.
00:00
Although you may be familiar with
00:00
some of these concepts,
00:00
I hope making them explicit will help you to gain
00:00
a more granular understanding
00:00
of their impact on your Cloud environments.
00:00
All right, I'll see you in the next lesson.