Resources

There are multiple resources that speak to regulations, standards and frameworks that are germane to cybersecurity including the following:

• National Institute of Standards and Technology (NIST) and the Cybersecurity Framework (NIST CSF) - https://www.nist.gov/cyberframework
• National Institute of Standards and Technology (NIST) and Security and Privacy Controls for Information Systems and Organizations (NIST Special Publication 800-53 Rev. 5) - https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
• National Institute of Standards and Technology (NIST) and Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication 800-71 Rev. 2) - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
• National Institute of Standards and Technology (NIST)  and the Risk Management Framework (NIST RMF) - https://csrc.nist.gov/projects/risk-management/about-rmf
• Open Web Application Security Project (OWASP and the Application Security Verification Standard (OWASP ASVS) - https://owasp.org/www-project-application-security-verification-standard/
• International Standards Organization (ISO) and the Information Security Management Systems (ISO 27001:2022) - https://www.iso.org/standard/27001
• HIPAA Security Rule - https://www.hhs.gov/hipaa/for-professionals/security/index.html

There are multiple resources that speak to regulations, standards and frameworks that are germane to privacy including the following:

• Association of International Certified Professional Accountants (AICPA) and the Privacy Management Framework and Generally Accepted Privacy Principles (GAPP) - https://us.aicpa.org/interestareas/informationtechnology/privacy-management-framework
• National Institute of Standards and Technology (NIST) and the Privacy Framework - https://www.nist.gov/privacy-framework
• The General Data Protection Regulation (GDPR) - https://gdpr-info.eu/
• The California Consumer Privacy Act (CCPA - As Amended) - https://oag.ca.gov/privacy/ccpa
• The Colorado Privacy Act (CPA) - https://coag.gov/resources/colorado-privacy-act/
• The Connecticut Data Privacy Act - https://portal.ct.gov/AG/Sections/Privacy/The-Connecticut-Data-Privacy-Act
• The Utah Consumer Privacy Act - https://le.utah.gov/~2022/bills/sbillenr/SB0227.pdf
• The Virginia Consumer Data Protection Act - https://www.oag.state.va.us/consumer-protection/files/tips-and-info/Virginia-Consumer-Data-Protection-Act-Summary-2-2-23.pdf
• The Iowa Consumer Data Protection Act - https://www.legis.iowa.gov/legislation/BillBook?ga=90&ba=SF%20262
• Breach Notification Laws - https://www.ncsl.org/technology-and-communication/security-breach-notification-laws
• HIPAA Privacy Rule - https://www.hhs.gov/hipaa/for-professionals/privacy/index.html

There are a number of important security organizations that advocate security best practices: 

• ISACA - https://www.isaca.org/
• OWASP - https://owasp.org/
• ISSA - https://www.issa.org/
• ISC2 - https://www.isc2.org/
• SANS - https://www.sans.org/

There are a number of privacy organizations that advocate privacy best practices:

• IAPP - https://iapp.org/
• ISACA - https://www.isaca.org/
• Electronic Frontier Foundation - https://www.eff.org/
• Privacy Rights Clearinghouse - https://privacyrights.org/

• Digital Directors Network - https://www.digitaldirectors.network/
• National Association of Corporate Directors - https://www.nacdonline.org/
• Private Directors Association - https://www.privatedirectorsassociation.org/

• COSO - https://www.coso.org/
• IIA - https://www.theiia.org/
• IMA - https://www.imanet.org/
• AICPA/CIMA - https://www.aicpa-cima.com/home