Legal Support

Within the field of cybersecurity, the legal aspect is critical for the correct management and mitigation of cyber risks. It encompasses a range of legal frameworks, regulations, and practices designed to protect organizations and individuals from cyber threats while ensuring compliance with applicable laws.

To stay within the agreed scope of an assessment, keep the following preventive measures in mind:

  • Obtain written consent as explicitly as possible from the authorized representative of the assets

  • Respect any limitations specified about access boundaries or tools used

  • Take measures to prevent causing damage to systems or networks being tested

  • Do not access, use, or disclose personal data or any other information obtained during the testing without permission

  • Do not intercept electronic communications without consent

Well-known Security Laws and Regulations

Various laws and regulations are established to protect sensitive information, ensure privacy, and guide organizations in handling data responsibly. These laws help organizations mitigate risks, respond to breaches, and comply with industry standards. Below are some of the most well-known security laws and regulations:

  • PCI DSS: Payment Card Industry Data Security Standard, sets security requirements for organizations that handle credit card data

  • ISO/IEC 27001:2013: Framework for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS)

  • HIPAA: Health Insurance Portability and Accountability Act, used to protect patients' data

  • FISMA: The Federal Information Security Management Act, used to safeguard government operations and information

  • PTES: Penetration Testing Execution Standard, outlines the phases of a penetration test and how they should be conducted

  • DMCA: The Digital Millennium Copyright Act

  • GDPR: General Data Protection Regulation

  • DPA: Data Protection Act 2018

Cyber Law in different countries

Cyber laws vary between countries, and nowadays each nation has its own regulations for IT infrastructures and management of data on digital systems or the Internet. Some well-known laws and regulations in various countries are: