Benchmark – Impact Analysis Part 1: Information Acquisition
3.1: Examine the laws, regulations, and standards that organizations use to align with government requirements around cybersecurity best practices within their industry.
Select an industry of your choice and review its compliance requirements. Then, using a fictitious company that is just starting out, identify the essential elements of what is required to attain compliance or successful cybersecurity resilience. Within a report to the CIO, present this information from a legal standpoint making sure to address the following:
1. Identify any industry specific compliances that must be met (i.e., HIPAA, COPPA, DOD). Determine what overarching guidance they must comply with. Determine what overarching laws they must comply with.
2. Examine the requisite set of standards, frameworks, policies, and best practices most helpful in the development and implementation of the organizations objectives.
3. Identify the organization’s critical data infrastructure assets (i.e., network, telecom, utilities, applications, computers and client data categories).
4. Identify human resources for technical, management and legal operations.
5. Identify requisite law enforcement entities required for reporting breaches to (i.e., local, state, and federal areas of compliance).