D320 (C838) Laws, Regulations, and Organizations
1. (ISC)2 - International Information Systems Security Certification Consortium: a security certification granting organization with a long history of certifications that were difficult to get. This difficulty has made its certificates seen as having higher value in the industry.
2. (ISC)2 Cloud Secure Data Life Cycle: based on CSA guidance. 1. Create; 2. Store; 3. Use; 4. Share; 5. Archive; 6. Destroy.
3. SAS 70 (Statement on Auditing Standards No. 70): a recognized standard of the American Institute of Certified Public Accountants (AICPA) for reporting on service-organization controls, used in response to the issues that also led to Sarbanes-Oxley (SOX). Superseded in 2011 by the Statement on Standards for Attestation Engagements (SSAE) No. 16.
4. AICPA: established SAS 70 and later SSAE 16.
5. AICPA: American Institute of Certified Public Accountants.
6. Organizational Normative Framework (ONF): a concept from ISO 27034. There is only one ONF for an organization, but potentially as many Application Normative Frameworks (ANFs) as there are applications.
7. ASHRAE - American Society of Heating, Refrigerating and Air-Conditioning Engineers: a professional association seeking to advance the design and construction of heating, ventilation, air conditioning and refrigeration systems. Its thermal guidelines for data centers are the usual reference for environmental controls in a facility.
8. Biba: an access control model designed to preserve data integrity. It has three goals: maintain internal and external consistency; prevent unauthorized data modification even by authorized parties; and prevent data modification by unauthorized individuals. The goals are enforced by two mandatory rules, the Simple Integrity Property (no read down) and the *-Integrity Property (no write up).
9. Capability Maturity Model (CMM): a development model in which maturity relates to the formality and optimization of processes. When applied to cloud security, it focuses on those aspects as they relate to cloud security.
10. Child Online Protection Act (COPA): an attempt to restrict access by minors to material defined as harmful to minors. The law was permanently enjoined, with the injunction becoming final in 2009.
11. Cloud Access Security Brokers (CASBs): monitor network activity between users and cloud applications, enforce security policy, and block malware.
12. Cloud Security Alliance (CSA): publishes the Notorious Nine (2013): 1) Data Breaches; 2) Data Loss; 3) Account or Service Traffic Hijacking; 4) Insecure Interfaces and APIs; 5) Denial of Service; 6) Malicious Insiders; 7) Abuse of Cloud Services; 8) Insufficient Due Diligence; 9) Shared Technology Vulnerabilities. There are also implications and controls associated with each.
13. CSA STAR - Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR): uses the Consensus Assessments Initiative Questionnaire (CAIQ), Cloud Controls Matrix (CCM), and GDPR Self-Assessment as inputs for Level 1, which is a self-assessment published to the registry rather than a certification.
Level 2 (STAR Attestation) integrates the CSA Cloud Controls Matrix with the AICPA Trust Services Principles under AT 101, i.e. a SOC 2 engagement extended with the CCM.
STAR Certification, also Level 2, uses the CSA Cloud Controls Matrix together with the requirements of the ISO/IEC 27001:2013 management system standard.
Certification certificates follow normal ISO/IEC 27001 protocol for a third-party assessment.
14. Cloud Security Alliance Cloud Controls Matrix (CSA CCM): composed of 17 domains covering key elements of cloud. It contains 170 objectives within the domains. They integrate with the STAR program.
15. COBIT, or Control Objectives for Information and Related Technologies: a framework for IT governance and management. Initially used to achieve compliance with Sarbanes-Oxley and focused on IT controls; since COBIT 2019 the emphasis has shifted to information governance. Its five principles, as stated in COBIT 5, are:
1: Meeting Stakeholder Needs; 2: Covering the Enterprise End-to-End; 3: Applying a Single Integrated Framework; 4: Enabling a Holistic Approach; and 5: Separating Governance from Management.
16. Common Criteria and the EAL: the Evaluation Assurance Level (EAL) is assigned to an IT product after it has been evaluated by an independent lab. The level indicates the degree and type of testing, with EAL1 the least and EAL7 the most. Common Criteria contains 60 functional requirements in 11 classes and is an accepted standard among the military organizations of the US and many allies.
17. Consensus Assessments Initiative Questionnaire (CAIQ): an initiative of the Cloud Security Alliance to provide industry-accepted documentation of security controls; as of 2020 it is combined with the Cloud Controls Matrix. The completed questionnaire can be used as evidence for entry to the CSA STAR registry.
18. Digital Millennium Copyright Act (DMCA): a controversial act intended to align US copyright law with the requirements of treaties of the World Intellectual Property Organization (WIPO).
19. DLP (Data Loss Prevention): a set of tools, procedures, and policies that ensure sensitive and proprietary data and PII are not lost or misused. It helps provide compliance with numerous laws and compliance requirements by enforcing preventive and detective measures in the organization.
20. ENISA - European Union Agency for Cybersecurity: a cyber security awareness association that pro
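The Biba model in item 8 above is the one entry in this glossary that describes an enforceable mechanism rather than an organization, law or framework. The Python below is an added example and not part of the original course material: a minimal reference monitor that implements Biba's two mandatory rules (Simple Integrity, "no read down"; *-Integrity, "no write up") plus the Invocation Property, and maps each rule back to the three goals listed in item 8. The integrity levels, the subject and object names, and the sample requests are constructed for illustration.

```python
"""Biba integrity model as a tiny reference monitor.

Added example, not from the original glossary. The integrity levels,
subject/object names and sample requests are constructed for illustration;
the rules themselves are the standard strict Biba rules.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Tuple


class Integrity(IntEnum):
    """Ordered integrity levels; higher means more trustworthy."""
    UNTRUSTED = 0   # e.g. files downloaded from the Internet
    USER = 1        # ordinary interactive user processes
    SYSTEM = 2      # services and system binaries
    KERNEL = 3      # boot image, kernel modules


@dataclass(frozen=True)
class Subject:
    name: str
    level: Integrity


@dataclass(frozen=True)
class Obj:
    name: str
    level: Integrity


def can_read(subject: Subject, obj: Obj) -> bool:
    """Simple Integrity Property: no read down.
    A subject may only read objects at its own level or higher, so trusted
    code never consumes data that an unauthorized (lower) party could have
    modified. Serves the goal 'prevent modification by unauthorized
    individuals' by keeping tampered input out of trusted computation."""
    return obj.level >= subject.level


def can_write(subject: Subject, obj: Obj) -> bool:
    """*-Integrity Property: no write up.
    A subject may only write objects at its own level or lower, so even an
    authorized but lower-integrity subject cannot corrupt higher-integrity
    data. Serves the goal 'prevent unauthorized modification even by
    authorized parties'."""
    return obj.level <= subject.level


def can_invoke(caller: Subject, callee: Subject) -> bool:
    """Invocation Property: a subject may invoke only subjects at its own
    level or lower, so it cannot launder a write-up through a trusted proxy.
    Together with the two rules above this keeps the system consistent."""
    return callee.level <= caller.level


def decide(subject: Subject, action: str, target) -> Tuple[bool, str]:
    """Mediate one request; returns (allowed, audit line) for logging."""
    if action == "read":
        ok, rule = can_read(subject, target), "simple integrity (no read down)"
    elif action == "write":
        ok, rule = can_write(subject, target), "*-integrity (no write up)"
    elif action == "invoke":
        ok, rule = can_invoke(subject, target), "invocation property"
    else:
        raise ValueError(f"unknown action {action!r}")
    verdict = "ALLOW" if ok else "DENY"
    return ok, (f"{verdict} {subject.name}({subject.level.name}) {action} "
                f"{target.name}({target.level.name}): {rule}")


# Constructed sample environment (illustrative names, not a real policy).
BROWSER = Subject("browser", Integrity.USER)
UPDATER = Subject("system-updater", Integrity.SYSTEM)
DOWNLOAD = Obj("~/Downloads/setup.exe", Integrity.UNTRUSTED)
SSHD = Obj("/usr/sbin/sshd", Integrity.SYSTEM)
KERNEL_IMG = Obj("/boot/vmlinuz", Integrity.KERNEL)

SAMPLE_REQUESTS = [
    (BROWSER, "write", DOWNLOAD),    # allowed: writing down
    (BROWSER, "read", SSHD),         # allowed: reading up
    (BROWSER, "write", SSHD),        # denied: no write up
    (UPDATER, "read", DOWNLOAD),     # denied: no read down
    (UPDATER, "write", KERNEL_IMG),  # denied: no write up
    (BROWSER, "invoke", UPDATER),    # denied: invocation property
]


def run(requests=SAMPLE_REQUESTS) -> List[bool]:
    """Evaluate each request, print its audit line, return the verdicts."""
    verdicts = []
    for subject, action, target in requests:
        ok, line = decide(subject, action, target)
        print(line)
        verdicts.append(ok)
    return verdicts


if __name__ == "__main__":
    run()
```

Run directly, it prints one ALLOW/DENY line per sample request. The denials are the interesting part: the browser (USER) cannot overwrite sshd (SYSTEM), and the updater (SYSTEM) cannot read the downloaded file (UNTRUSTED), which is exactly the discipline that keeps untrusted input away from trusted code. Windows Mandatory Integrity Control is a production analogue of the same idea: it enforces no-write-up by default between its Low, Medium, High and System integrity levels.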