Video Description

In the final video of this module, we look at the specific types of laws that deal with technology:

  • Export restrictions - the Wassenaar Agreement made it illegal to export munitions to terrorists, but this also includes certain types of cryptography.

  • Trans-border issues - laws vary by territorial jurisdiction.

  • Privacy issues and employee monitoring - employees expect privacy, but they don't have a right to it in a business setting. However, it's important to be transparent about what can be monitored in order to be legally compliant.

  • Deter and protect assets - the goal is to prevent compromise, not to catch employees in the act!

  • HIPAA - applies to health insurers, providers, and clearing houses (claims processors). Organizations are still responsible even when outsourcing work covered under HIPAA.

  • Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) - customer info (PII) must be protected by financial institutions such as banks.

  • PCI DSS - credit card companies and related industries are self-regulated and must adhere to proper auditing and compliance standards. Failure to do so can result in their privileges being revoked.

Course Modules

ISC2 Certified Cloud Security Professional (CCSP)