Security Endeavors

A Quick Reference for ISSAP students

9/1/2013

This list is not exhaustive by any means, but at the time of this writing, the links below should save you time over locating the information yourself.

HIPAA - Health Insurance Portability & Accountability Act (public law) - HHS has a page devoted to it as well as a good summary page for HIPAA

SOX - Sarbanes-Oxley - found a quick guide

Gramm-Leach-Bliley Act - Financial breach notification - Summary page from the FTC

FISMA - Federal Information Security Management Act (PDF)

95/46/EC - EU-based Data Protection Directive; also 95/46/EC (31995L0046)

2002/58/EC - EU-based - Processing of personal data

Decent summary of EU protection of personal data

Common Criteria is a set of standards that facilitates product comparisons, helping consumers select the right security products for their needs within the AIC goals (Availability, Integrity, and Confidentiality)

ISO 15408 - defines methodologies that resolve the differences between TCSEC and ITSEC. High-level presentation. Slightly harder to find is a free copy of the standards themselves. Search for 15408 on the page.

NIST SP 800-53 is a good resource for a catalog of security controls, along with the ISO 27000 series.
SP 800-53 was at Rev. 4 (Apr. 2013) at the time of this entry (and almost 500 pages!). The ISO 27000 link above goes only to the Glossary and will likely land at a 'click to accept our terms' page. The actual 27000-series documents (Information Security Management Systems, or ISMS) don't have a free link, as they require payment to obtain.

NIST SP 800-18 lists documentation requirements to consider.

It ain't pretty, but it's posted.  #GetToIt