VOL 1: The Northeast Equipment Dealer Association’s Guide to Cybersecurity Lingo
In honor of October being Cybersecurity Awareness Month, Secuvant™ and the Northeast Equipment Dealers Association are kicking off our multi-part series of cybersecurity lingo all industries should know.
Whether you’re just starting your cybersecurity career, or you’re looking to hire an expert to do the hard work for you, being familiar with cybersecurity vocabulary is important. Outlined below are important cybersecurity acronyms and the types of cyber attacks to be aware of.
Be sure to bookmark this page so you can reference it whenever you find yourself asking “what does that mean again?”
Types of Cybersecurity Regulation
- CCPA – A 2018 California-specific privacy act that helps consumers understand their rights regarding the personal information businesses collect about them, and how that information is used and shared. Its most visible effect on the digital world was the CCPA opt-out notice implemented on many websites.
- CMMC – The Cybersecurity Maturity Model Certification (CMMC) is designed to standardize cybersecurity preparedness across the government’s industrial assets. By 2026, it is expected that CMMC will be a requirement for all new Department of Defense requests.
- DFARS – Similar to the way HIPAA exists to safeguard health information, DFARS is designed to cover what is called ‘Covered Defense Information’. This addresses data integrity when companies work on contracts with the Department of Defense. DFARS requirements can help guide companies towards preferred contractor status.
- FFIEC – The Federal Financial Institutions Examination Council (FFIEC) is a U.S. Government interagency body composed of five banking regulators. It is designed to “empower and prescribe uniform principles, standards, and report forms to promote uniformity in the supervision of financial institutions”.
- GDPR – The General Data Protection Regulation (GDPR) is the European Union’s data privacy and security law designed to protect the public. One of its critical components is the public’s ability to manage its own data, including the ‘right to be forgotten’ by companies. GDPR regulators issued hundreds of fines worth over $100 million during the first 20 months of the law.
- Gramm-Leach-Bliley Act – Enacted in 1999, this changed how banks could act. Also known as the Financial Services Modernization Act, it removed barriers in the market among banking companies, securities companies, and insurance companies that prohibited any one institution from acting in combination with the other two, ultimately allowing for consolidation of companies. The act also included safeguard rules requiring financial institutions to develop a written security plan describing how the company is prepared for, and plans to protect, clients’ personal information.
- HIPAA – Created to modernize the flow of healthcare information, the regulation stipulates how personally identifiable information maintained by healthcare providers should be protected from fraud and theft. It also addresses limitations on healthcare insurance coverage and established national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers.
- NIST – The National Institute of Standards and Technology (NIST) is a U.S. agency designed to promote innovation and industrial competitiveness. The agency helps organizations to better understand and improve the management of cybersecurity risk through frameworks and standards.
- PCI-DSS – This acronym stands for Payment Card Industry Data Security Standard (PCI-DSS) and consists of 12 requirements businesses must implement in order to protect credit card data. Because of these data requirements, many companies opt for credit card processors that can focus more on compliance.
- SOX – The Sarbanes-Oxley Act (SOX) of 2002 is a law designed to protect investors from fraudulent accounting activities by corporations.
While this might seem a little overwhelming at first, familiarizing yourself with the basic terms as they relate to cybersecurity regulation is vital. Protecting your organization from cyber hackers and attacks means saving your company, employees, clients, and more.
Stay tuned for Vol 2: A Beginner’s Guide to Cybersecurity Lingo in November, where we dive into the Types of Cyber Attacks.
Click here to learn more about how Secuvant’s superior cybersecurity services can benefit your organization and to talk with a Secuvant™ expert today.
Located in Salt Lake City, Utah, Secuvant is a global leader in integrated cyber threat analytics and risk advisory services, built on a value system of client focus, integrity, accountability, execution, and teamwork. Secuvant’s mission is to provide clients with a Clear Path Forward in their pursuit of establishing an acceptable security risk posture. Secuvant’s success is built upon strict adherence to its values, a functioning world-class advisory board, the unique combination of cybersecurity expertise and industry / vertical specialization, and a team of experts that repeatedly deliver best-in-class managed and advisory cybersecurity and risk services. Secuvant understands Cyber Risk is Business Risk™ and uses methodologies and metrics aimed at minimizing business risk. Services include, but are not limited to, Security Gap and Risk Assessments, Risk Program Management, Executive and Board Cyber Advisory, Penetration Testing, Security Monitoring, Managed Detection and Response and Incident Response services. To learn more, visit www.secuvant.com.