Cybersecurity Laws, Regulations, Policies, Standards, and Guidelines

Cybersecurity, as a field of national and international interest and importance, continues to evolve in many ways, to include the recognition of the need for structures to regulate, policies to guide, and standards to improve security. Internationally, there are multinational laws and directives, including the European Union Network and Information Security Directive adopted in January 2016. In the United States, the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Cybersecurity Act of 2015 are among the national cybersecurity laws.

Cybersecurity laws have largely focused on the protection of personal privacy. Some sectors have specialized regulations and policies to govern the protection of personally identifiable information. Examples include the Health Insurance Portability and Accountability Act (HIPAA) for health care information and the Gramm-Leach-Bliley Act (GLBA) for the protection of financial services data. Standards serve to establish acceptable benchmarks for security and are developed largely by volunteer international standards bodies. An example includes ISO 27001, which establishes a standard for information security management.