Some industries have legal and regulatory frameworks that dictate how organizations in them must handle cybersecurity. This section is 8–10% of the 210-255 exam, but more importantly, failing to adhere to these frameworks can significantly affect an organization's ability to continue operating in that industry, and could even cause corporations or individuals to face criminal charges.
The following topics will be covered in this chapter:
- Payment Card Industry Data Security Standard
- Health Insurance Portability and Accountability Act 1996
- Sarbanes-Oxley Act 2002