Copyright Goodheart-Willcox Co., Inc. Chapter 2 Information Security Fundamentals 65

Quick Look 2.3.1

State Security Laws

You must be familiar with the laws of any state in which your company does business. This includes any interstate commerce the company may engage in. As a cybersecurity professional, it is your responsibility to ensure compliance.

1. Launch a web browser, and navigate to the National Conference of State Legislatures website (www.ncsl.org). This site provides information related to state legislatures, including cybersecurity laws for each state.
2. Use the site’s search function, and search for security breach notification laws. In the results, click the link for the article of the same name.
3. Find your state on the list. Does your state have more than one law?
4. Click the link to the laws in your state. Read the text or description of the laws.
5. Open the laws for another state. How do they compare to the laws in your state?
6. Discuss with your classmates some of the laws and penalties you see on these pages.

SECTION REVIEW 2.3

Check Your Understanding

1. What is meant by compliance?
2. Which law covers unauthorized access to computers?
3. What is the basic purpose of the Gramm-Leach-Bliley Act (GLBA)?
4. What governmental agency monitors issues related to the SOX rules?
5. What is the minimum number of credit card transactions for the PCI DSS regulations to apply?

Build Your Key Terms Vocabulary

As you progress through this course, develop a personal cybersecurity glossary. This will help you build your vocabulary and prepare you for a career. Write a definition for each of the following terms, and add it to your cybersecurity glossary.
compliance
Computer Fraud and Abuse Act (CFAA)
Electronic Communication Privacy Act (ECPA)
electronic health record (EHR)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accounting Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
protected health information (PHI)
Sarbanes-Oxley Act (SOX)