Cybersecurity

Organisations’ critical infrastructure systems are essential to their bottom line, ability to innovate and daily operations. It is an important part of an organisation’s overall risk management framework. The US Cybersecurity module offers guidance on how to handle your Cybersecurity obligations. The module covers areas of law such as the 'Gramm-Leach-Bliley Act', 'Cybersecurity Information Sharing Act of 2015', 'NIST SP 800-53 Rev. 4 (Recommended Security Controls)' and over 33 other compliance sources.

Module Scope:

Core Obligations

• Overview
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
• Supply Chain Risk Management
• Identity Management, Authentication and Access Control
• Awareness and Training
• Data Security
• Information Protection Processes
• Maintenance
• Protective Technologies
• Anomalies and Events
• Security Continuous Monitoring
• Detection Processes
• Response Planning
• Response Communications
• Analysis
• Mitigation
• Recovery Planning
• Improvements
• Recovery Communications

Legal Landscape

• Gramm-Leach-Bliley Act
• Cybersecurity Information Sharing Act of 2015
• NIST SP 800-53 Rev. 4 (Recommended Security Controls)
• and 33 other compliance sources

Regulators

• Department of Commerce
• Department of Homeland Security
• Privacy Agencies of EU Member States
• and 8 other regulators