Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
In the final video of this module we have a look at the specific type of laws dealing with technology:
- Export restrictions - the WASSENAAR Agreement made it illegal to export munitions to terrorists, but this also includes certain types of cryptography.
- Trans-border issues - laws vary by territorial jurisdiction.
- Privacy issues and employee monitoring - employees expect privacy, but they don't have a right to it in a business setting, however, it's important to be transparent about what can be monitored in order to be legally compliant.
- Deter and protect assets - the goal is to prevent compromise, not to catch employees in the act!
- HIPAA - applies to health insurers, providers, and clearing houses (claims processors). Organizations are still responsible even when outsourcing work covered under HIPAA.
- Gram-Leach-Bliley Fanancial Services Modernization Act (GLBA) - customer info (PII) must be protected by financial institutions such as banks.
- PCI DSS - credit card companies and related industries are self-regulated and must adhere to proper auditing and compliance standards. Failure to do so can result in their privileges being revoked.
Part 1 - Intro
Part 2 - Determining Data Sensitivity
Part 3 - Who is Responsible for Security in Cloud Models
Part 4 - SDLC in the Cloud
Part 5 - OWASP 1 through 5
Part 6 - OWASP 6 through 10
Part 7 - Defensive Coding
Part 8 - Risks and Controls
Part 9 - Crypto in the Cloud
Part 10 - Common Architectures
Part 11 - Identity and Access Management
Part 12 - Data and Media Sanitization
Part 13 - Intro to ID
Part 14 - Defining Identity and Access Management
Part 15 - Virtualization Overview
Part 16 - Threat Modeling
Part 17 - Threats to Cloud Computing
Part 18 - Types of Testing
Part 19 - BCP
Part 20 - Non Functional Testing
Part 21 - Vulnerability Scans and Penetration Testing
Part 22 - Review