CISA: Cybersecurity Information Sharing Act - Federal legislation that promotes the sharing of cyber threat information between private sector and government
CFAA: Computer Fraud and Abuse Act - Federal law that criminalizes unauthorized access to computers and networks
ECPA: Electronic Communications Privacy Act - Federal law governing the interception and monitoring of electronic communications
GLBA: Gramm-Leach-Bliley Act - Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data
HIPAA: Health Insurance Portability and Accountability Act - Federal law protecting sensitive patient health information from disclosure
State Breach Laws: Various state-specific laws requiring notification of data breaches to affected individuals and relevant authorities
SHIELD Act: New York State law requiring businesses to implement safeguards for the protection of private information
CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act - Comprehensive state privacy laws protecting California residents' personal information
NIST Framework: National Institute of Standards and Technology Cybersecurity Framework - Guidelines for private sector cybersecurity
ISO 27001: International standard for information security management systems
CIS Controls: Center for Internet Security Controls - Set of actions for cyber defense
PCI DSS: Payment Card Industry Data Security Standard - Information security standard for organizations handling credit card data
FTC Guidelines: Federal Trade Commission guidelines on cybersecurity practices and consumer protection
SEC Guidance: Securities and Exchange Commission guidance on cybersecurity for public companies
GDPR: General Data Protection Regulation - EU law on data protection and privacy affecting organizations handling EU residents' data
