Data Security / Privacy / Breach Law
- 23 NYCRR 500
- Alaska's Data Breach & Data Security Laws
- Arizona Data Breach Law
- Arkansas Data Breach Law
- Arkansas DHS Breach 2017
- Arkansas Government on 2017 Equifax Breach
- Business Email Compromise (BEC)
- California CCPA
- California Cybersecurity & Data Breach Laws
- Colorado Cybersecurity, Privacy & Data Breach Laws
- Connecticut Cybersecurity & Privacy Laws
- COPPA
- Delaware Cybersecurity & Privacy Regulations
- Florida Cybersecurity, Privacy & Data Breach Laws
- GDPR
- Georgia Cybersecurity, Data Privacy Laws & Insurance Regulations
- Hawaii Cybersecurity, Privacy & Data Security Laws
- Idaho Cybersecurity, Privacy & Data Security Laws
- Illinois Cybersecurity, Privacy & Data Security Laws
- Indiana Cybersecurity, Privacy & Data Security Laws
- Iowa | Data Breach Law
- Kansas Cybersecurity, Privacy & Data Security Law
- Kentucky | Data Breach Law
- Louisiana | Data Breach Law
- Maine | Data Breach Law
- Maryland Cybersecurity, Privacy & Data Regulations
- Massachusetts | Data Breach Law
- Michigan Data Security & Breach Laws
- Nevada Insurance Data Security Law (SB21)
- North Carolina Cybersecurity Laws
- PCI DSS
- Regulatory Requirements
- Tennessee Data Breach Law
- Third-Party Risk Management (TPRM)
- Washington, D.C. Data Breach Law
- What are South Carolina Data Security & Breach Laws?
- What is HIPAA?
- WISP
Definitions
- Access
- Access Authority
- Access Control
- Access Control List (ACL)
- Access Control Lists (ACLs)
- Access Control Mechanism
- Access Level
- Access List
- Access Point
- Access Profile
- Access Type
- Account Management, User
- Accountability
- Accounting Legend Code (ALC)
- Accounting Number
- Accreditation
- Accreditation Authority
- Accreditation Boundary
- Accreditation Package
- Accrediting Authority
- Activation Data
- Active Attack
- Active Content
- Active Security Testing
- Activities
- Ad Hoc Network
- Add-on Security
- Adequate Security
- Administrative Account
- Administrative Safeguards
- Advanced Encryption Standard (AES)
- Advanced Key Processor (AKP)
- Advanced Persistent Threats (APTs)
- Adversary
- Advisory
- Agency
- Agency Certification Authority (CA)
- Agent
- Alert
- Allocation
- Alternate COMSEC Custodian
- Alternate Work Site
- Analysis
- Anomaly-Based Detection
- Anti-jam
- Anti-spoof
- Antispyware Software
- Antivirus Software
- Applicant
- Application
- Approval to Operate (ATO)
- Approved
- Approved Mode of Operation
- Approved Security Function
- Assessment
- Assessment Findings
- Assessment Method
- Assessment Object
- Assessment Objective
- Assessment Procedure
- Assessor
- Asset
- Asset Identification
- Asset Reporting Format (ARF)
- Assurance
- Assurance Case
- Assured Information Sharing
- Assured Software
- Asymmetric Cryptography
- Asymmetric Keys
- Attack
- Attack Sensing and Warning (AS&W)
- Attack Signature
- Attribute Authority
- Attribute-Based Access Control
- Attribute-Based Authorization
- Audit
- Audit Data
- Audit Log
- Audit Reduction Tools
- Audit Review
- Audit Trail
- Authenticate
- Authentication
- Authentication Code
- Authentication Mechanism
- Authentication Mode
- Authentication Period
- Authentication Protocol
- Authentication Tag
- Authentication Token
- Authenticator
- Authenticity
- Authority
- Authorization
- Authorization (to operate)
- Authorization Boundary
- Authorize Processing
- Authorized Vendor
- Authorized Vendor Program (AVP)
- Authorizing Official
- Authorizing Official Designated Representative
- Automated Key Transport
- Automated Password Generator
- Automated Security Monitoring
- Automatic Remote Rekeying
- Autonomous System (AS)
- Availability
- Awareness (Information Security)
- Back Door
- Backdoor
- Backtracking Resistance
- Backup
- Banner
- Banner Grabbing
- Baseline
- Baseline Configuration
- Baseline Security
- Baselining
- Basic Testing
- Bastion Host
- Behavioral Outcome
- Benign Environment
- Binding
- Biometric
- Biometric Information
- Biometric System
- Biometrics
- Bit
- Bit Error Rate
- Bitcoin
- BLACK
- Black Box Testing
- Black Core
- Blacklist
- Blacklisting
- Blended Attack
- Blinding
- Block
- Block Cipher
- Block Cipher Algorithm
- Blue Team
- Body of Evidence (BoE)
- Botnet
- Boundary
- Boundary Protection
- Boundary Protection Device
- Browsing
- Brute Force Password Attack
- Buffer Overflow
- Buffer Overflow Attack
- Bulk Encryption
- Business Continuity Plan (BCP)
- Business Email Compromise (BEC)
- Business Impact Analysis (BIA)
- Cyber Risks at Accounting Firms
- California CCPA
- Call Back
- Canister
- Capstone Policies
- Capture
- Cardholder
- Cascading
- Category
- CBC/MAC
- CCM
- Central Office of Record (COR)
- Central Services Node (CSN)
- Certificate
- Certificate Management
- Certificate Management Authority (CMA)
- Certificate Policy (CP)
- Certificate Revocation List (CRL)
- Certificate Status Authority
- Certificate-Related Information
- Certification
- Certification Analyst
- Certification Authority (CA)
- Certification Authority Facility
- Certification Authority Workstation (CAW)
- Certification Package
- Certification Practice Statement (CPS)
- Certification Test and Evaluation (CT&E)
- Certified TEMPEST Technical Authority (CTTA)
- Certifier
- Chain of Custody
- Chain of Evidence
- Challenge and Reply Authentication
- Challenge-Response Protocol
- Check Word
- Checksum
- Chief Information Officer (CIO)
- Chief Information Security Officer (CISO)
- Cipher
- Cipher Block Chaining-Message Authentication Code (CBC-MAC)
- Cipher Suite
- Cipher Text Auto-Key (CTAK)
- Ciphertext
- Ciphertext/Cipher Text
- Ciphony
- Claimant
- Classified Information
- Classified Information Spillage
- Classified National Security Information
- Clear
- Clear Text
- Clearance
- Clearing
- Client
- Client (Application)
- Clinger-Cohen Act of 1996
- Closed Security Environment
- Closed Storage
- Cloud Computing
- CMMC
- Code
- Code Book
- Code Group
- Code Vocabulary
- Cold Site
- Cold Start
- Collision
- Command Authority
- Commercial COMSEC Evaluation Program (CCEP)
- Commodity Service
- Common Access Card (CAC)
- Common Carrier
- Common Configuration Enumeration (CCE)
- Common Configuration Scoring System (CCSS)
- Common Control
- Common Control Provider
- Common Criteria
- Common Fill Device
- Common Misuse Scoring System (CMSS)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Communications Cover
- Communications Deception
- Communications Profile
- Communications Security (COMSEC)
- Community of Interest (COI)
- Community Risk
- Comparison
- Compartmentalization
- Compartmented Mode
- Compensating Security Control
- Compensating Security Controls
- Comprehensive Testing
- Compromise
- Compromising Emanations
- Computer Abuse
- Computer Cryptography
- Computer Forensics
- Computer Incident Response Team (CIRT)
- Computer Network Attack (CNA)
- Computer Network Defense (CND)
- Computer Network Exploitation (CNE)
- Computer Network Operations (CNO)
- Computer Security (COMPUSEC)
- Computer Security Incident
- Computer Security Incident Response Team (CSIRT)
- Computer Security Object (CSO)
- Computer Security Objects Register
- Computer Security Subsystem
- Computer Virus
- Computing Environment
- COMSEC
- COMSEC Account
- COMSEC Account Audit
- COMSEC Aid
- COMSEC Assembly
- COMSEC Boundary
- COMSEC Chip Set
- COMSEC Control Program
- COMSEC Custodian
- COMSEC Demilitarization
- COMSEC Element
- COMSEC End-item
- COMSEC Equipment
- COMSEC Facility
- COMSEC Incident
- COMSEC Insecurity
- COMSEC Manager
- COMSEC Material
- COMSEC Material Control System (CMCS)
- COMSEC Modification
- COMSEC Module
- COMSEC Monitoring
- COMSEC Profile
- COMSEC Survey
- COMSEC System Data
- COMSEC Training
- Concentration Risk
- Concept of Operations (CONOP)
- Confidentiality
- Configuration Control
- Configuration Control Board (CCB)
- Confinement Channel
- Container
- Contamination
- Content Filtering
- Contingency Key
- Contingency Plan
- Contingent Business Interruption (CBI)
- Continuity of Government (COG)
- Continuity of Operations Plan (COOP)
- Continuous Monitoring
- Control Information
- Controlled Access Area
- Controlled Access Protection
- Controlled Area
- Controlled Cryptographic Item (CCI)
- Controlled Cryptographic Item (CCI) Assembly
- Controlled Cryptographic Item (CCI) Component
- Controlled Cryptographic Item (CCI) Equipment
- Controlled Interface
- Controlled Space
- Controlled Unclassified Information (CUI)
- Controlling Authority
- Cookie
- Cooperative Key Generation
- Cooperative Remote Rekeying
- COPPA
- Correctness Proof
- Counter with Cipher Block Chaining-Message Authentication Code (CCM)
- Countermeasure
- Countermeasures
- Cover-Coding
- Coverage
- Covert Channel
- Covert Channel Analysis
- Covert Storage Channel
- Covert Testing
- Covert Timing Channel
- Credential
- Credential Service Provider (CSP)
- Critical Infrastructure
- Critical Security Parameter (CSP)
- Criticality
- Criticality Level
- Cross Site Scripting (XSS)
- Cross-Certificate
- Cross-Domain Capabilities
- Cross-Domain Solution (CDS)
- Cryptanalysis
- Crypto Officer
- Cryptographic
- Cryptographic Alarm
- Cryptographic Algorithm
- Cryptographic Ancillary Equipment
- Cryptographic Binding
- Cryptographic Boundary
- Cryptographic Component
- Cryptographic Equipment
- Cryptographic Hash Function
- Cryptographic Ignition Key (CIK)
- Cryptographic Initialization
- Cryptographic Key
- Cryptographic Logic
- Cryptographic Material (slang CRYPTO)
- Cryptographic Module
- Cryptographic Module Security Policy
- Cryptographic Module Validation Program (CMVP)
- Cryptographic Net
- Cryptographic Period
- Cryptographic Product
- Cryptographic Randomization
- Cryptographic Security
- Cryptographic Strength
- Cryptographic Synchronization
- Cryptographic System
- Cryptographic System Analysis
- Cryptographic System Evaluation
- Cryptographic System Review
- Cryptographic System Survey
- Cryptographic Token
- Cryptography
- Cryptology
- CVE
- Cyber Attack
- Cyber Incident
- Cyber Infrastructure
- Cybersecurity
- Cyberspace
- Cyclical Redundancy Check (CRC)
- Data
- Data Aggregation
- Data Asset
- Data Breach
- Data Element
- Data Encryption Algorithm (DEA)
- Data Encryption Standard (DES)
- Data Flow Control
- Data Harvesting
- Data Integrity
- Data Loss
- Data Mapping
- Data Origin Authentication
- Data Security
- Data Transfer Device (DTD)
- Decertification
- Decipher
- Decode
- Decrypt
- Decryption
- Dedicated Mode
- Default Classification
- Defense-in-Breadth
- Defense-in-Depth
- Degauss
- Delaware Cybersecurity & Privacy Regulations
- Delegated Development Program
- Deleted File
- Demilitarized Zone (DMZ)
- Denial of Service (DoS)
- Depth
- Descriptive Top-Level Specification (DTLS)
- Designated Approval Authority (DAA)
- Designated Approving (Accrediting) Authority
- Deterministic Random Bit Generator (DRBG)
- Deterministic Random Bit Generator (DRBG) Mechanism
- Device Distribution Profile
- Device Registration Manager
- Dial Back
- Differential Power Analysis (DPA)
- Digital Ecosystem
- Digital Evidence
- Digital Forensics
- Digital Signature
- Digital Signature Algorithm
- Direct Shipment
- Disaster Recovery Plan (DRP)
- Disconnection
- Discretionary Access Control
- Disk Imaging
- Disruption
- Distinguished Name (DN)
- Distinguishing Identifier
- Distributed Denial of Service (DDoS)
- DKIM
- DMZ
- Domain
- Drop Accountability
- Dual-Use Certificate
- Duplicate Digital Evidence
- Duration
- Dynamic Subsystem
- E-Government (e-gov)
- Easter Egg
- Eavesdropping Attack
- Education (Information Security)
- Egress Filtering
- Electronic Authentication (E-authentication)
- Electronic Business (e-business)
- Electronic Credentials
- Electronic Evidence
- Electronic Key Entry
- Electronic Key Management System (EKMS)
- Electronic Messaging Services
- Electronic Signature
- Electronically Generated Key
- Emanations Security (EMSEC)
- Embedded Computer
- Embedded Cryptographic System
- Embedded Cryptography
- Encipher
- Enclave
- Enclave Boundary
- Encode
- Encrypt
- Encrypted Key
- Encrypted Network
- Encryption
- Encryption Algorithm
- Encryption Certificate
- End Cryptographic Unit (ECU)
- End-Item Accounting
- End-to-End Encryption
- End-to-End Security
- Enrollment Manager
- Enterprise
- Enterprise Architecture (EA)
- Enterprise Risk Management
- Enterprise Service
- Entity
- Entrapment
- Entropy
- Environment
- Environment of Operation
- Ephemeral Key
- Erasure
- Error Detection Code
- Escrow
- Evaluation Assurance Level (EAL)
- Evaluation Products List (EPL)
- Event
- Examination
- Examine
- Exculpatory Evidence
- Executive Agency
- Exercise Key
- Expected Output
- Exploit Code
- Exploitable Channel
- Extensible Configuration Checklist Description Format (XCCDF)
- External Information System Service
- External Information System (or Component)
- External Information System Service Provider
- External Network
- External Security Testing
- Extraction Resistance
- Extranet
- Fail Safe
- Fail Soft
- Failover
- Failure Access
- Failure Control
- False Acceptance
- False Acceptance Rate (FAR)
- False Positive
- False Rejection
- False Rejection Rate (FRR)
- Federal Agency
- Federal Bridge Certification Authority (FBCA)
- Federal Bridge Certification Authority Membrane
- Federal Bridge Certification Authority Operational Authority
- Federal Enterprise Architecture
- Federal Information Processing Standard (FIPS)
- Federal Information Security Management Act (FISMA)
- Federal Information System
- Federal Information Systems Security Educators’ Association (FISSEA)
- Federal Public Key Infrastructure Policy Authority (FPKI PA)
- File Encryption
- File Name Anomaly
- File Protection
- File Security
- Fill Device
- FIPS
- FIPS PUB
- FIPS-Approved Security Method
- FIPS-Validated Cryptography
- FIREFLY
- Firewall
- Firewall Control Proxy
- Firmware
- FISMA
- Fixed COMSEC Facility
- Flaw
- Flooding
- Focused Testing
- Forced Leave
- Forensic Copy
- Forensic Specialist
- Forensically Clean
- Forensics
- Formal Access Approval
- Formal Development Methodology
- Formal Method
- Formal Proof
- Formal Security Policy
- Formatting Function
- Forward Cipher
- Frequency Hopping
- Full Disk Encryption (FDE)
- Full Maintenance
- Functional Testing
- Gateway
- GDPR
- General Support System
- Geolocation Data
- Global Information Grid (GIG)
- Global Information Infrastructure (GII)
- Governance
- Graduated Security
- Gray Box Testing
- Group Authenticator
- Guard (System)
- Guessing Entropy
- What Is Flaw Hypothesis Methodology?
- Hacker
- Handshaking Procedures
- Hard Copy Key
- Hardening
- Hardware Security Module (HSM) Keys
- Hardwired Key
- Hash Function
- Hash Total
- Hash Value
- Hash Value/Result
- Hash-based Message Authentication Code (HMAC)
- Hashing
- Hashword
- Health Information Exchange (HIE)
- High Assurance Guard (HAG)
- High Availability
- High Impact
- High-Impact System
- Honeypot
- Hot Site
- Hot Wash
- Hybrid Security Control
- IA Architecture
- IA Infrastructure
- IA Product
- IA-Enabled Information Technology Product
- IA-Enabled Product
- Identification
- Identifier
- Identity
- Identity Binding
- Identity Proofing
- Identity Registration
- Identity Token
- Identity Validation
- Identity Verification
- Identity-Based Access Control
- Identity-Based Security Policy
- Image
- Imitative Communications Deception
- Impact
- Impact Level
- Impact Value
- Implant
- Inadvertent Disclosure
- Incident
- Incident Handling
- Incident Response Plan
- Incomplete Parameter Checking
- Inculpatory Evidence
- Independent Validation Authority (IVA)
- Independent Verification & Validation (IV&V)
- Indicator
- Individual
- Individual Accountability
- Individuals
- Industrial Control System
- Informal Security Policy
- Information
- Information Assurance (IA)
- Information Assurance (IA) Professional
- Information Assurance Component (IAC)
- Information Assurance Manager (IAM)
- Information Assurance Officer (IAO)
- Information Assurance Vulnerability Alert (IAVA)
- Information Domain
- Information Environment
- Information Flow Control
- Information Management
- Information Operations (IO)
- Information Owner
- Information Resources
- Information Resources Management (IRM)
- Information Security
- Information Security Architect
- Information Security Architecture
- Information Security Continuous Monitoring (ISCM)
- Information Security Continuous Monitoring (ISCM) Process
- Information Security Continuous Monitoring (ISCM) Program
- Information Security Policy
- Information Security Program Plan
- Information Security Risk
- Information Sharing
- Information Sharing Environment
- Information Steward
- Information System
- Information System Boundary
- Information System Contingency Plan (ISCP)
- Information System Life Cycle
- Information System Owner
- Information System Owner (or Program Manager)
- Information System Resilience
- Information System Security Officer (ISSO)
- Information System-Related Security Risks
- Information Systems Security (INFOSEC)
- Information Systems Security Engineer (ISSE)
- Information Systems Security Engineering (ISSE)
- Information Systems Security Equipment Modification
- Information Systems Security Manager (ISSM)
- Information Systems Security Officer (ISSO)
- Information Systems Security Product
- Information Technology
- Information Type
- Information Value
- Inheritance
- Initialization Vector (IV)
- Initialize
- Initiator
- Inside(r) Threat
- Insider Threat
- Inspectable Space
- Integrity
- Integrity Check Value
- Intellectual Property
- Interconnection Security Agreement (ISA)
- Interface
- Interface Control Document
- Interim Approval to Operate (IATO)
- Interim Approval to Test (IATT)
- Intermediate Certification Authority (CA)
- Internal Network
- Internal Security Controls
- Internal Security Testing
- Internet
- Internet Protocol (IP)
- Interoperability
- Interview
- Intranet
- Intrusion
- Intrusion Detection and Prevention System (IDPS)
- Intrusion Detection Systems (IDS)
- Intrusion Detection Systems (IDS) – (Host-Based)
- Intrusion Detection Systems (IDS) – (Network-Based)
- Intrusion Prevention System(s) (IPS)
- Inverse Cipher
- IP Security (IPsec)
- IT Security Architecture
- IT Security Awareness
- IT Security Awareness and Training Program
- IT Security Education
- IT Security Investment
- IT Security Metrics
- IT Security Policy
- IT Security Training
- IT-Related Risk
- What is HIPAA?
- Jamming
- Joint Authorization
- Kerberos
- Key
- Key Bundle
- Key Distribution Center (KDC)
- Key Escrow
- Key Escrow System
- Key Establishment
- Key Exchange
- Key Expansion
- Key Generation Material
- Key List
- Key Loader
- Key Logger
- Key Management
- Key Management Device
- Key Management Infrastructure (KMI)
- Key Pair
- Key Production Key (KPK)
- Key Recovery
- Key Stream
- Key Tag
- Key Tape
- Key Transport
- Key Updating
- Key Wrap
- Key-Auto-Key (KAK)
- Key-Encryption-Key (KEK)
- Keyed-hash based message authentication code (HMAC)
- Keying Material
- Keystroke Monitoring
- KMI Operating Account (KOA)
- KMI Protected Channel (KPC)
- KMI-Aware Device
- KOA Agent
- KOA Manager
- KOA Registration Manager
- Label
- Labeled Security Protections
- Laboratory Attack
- Least Privilege
- Least Trust
- Level of Concern
- Level of Protection
- Likelihood of Occurrence
- Limited Maintenance
- Line Conditioning
- Line Conduction
- Line of Business
- Link Encryption
- List-Oriented
- Local Access
- Local Authority
- Local Management Device/Key Processor (LMD/KP)
- Local Registration Authority (LRA)
- Logic Bomb
- Logical Completeness Measure
- Logical Perimeter
- Long Title
- Low Impact
- Low Probability of Detection
- Low Probability of Intercept
- Low-Impact System
- Macro Virus
- Magnetic Remanence
- Maintenance Hook
- Maintenance Key
- Major Application
- Major Information System
- Malicious Applets
- Malicious Code
- Malicious Logic
- Malware
- Man-in-the-middle Attack (MitM)
- Management Client (MGC)
- Management Controls
- Management Security Controls
- Mandatory Access Control (MAC)
- Mandatory Modification
- Manipulative Communications Deception
- Manual Cryptosystem
- Manual Key Transport
- Manual Remote Rekeying
- Marking
- Masquerading
- Master Cryptographic Ignition Key
- Match/matching
- Maximum Tolerable Downtime
- Mechanisms
- Media
- Media Sanitization
- Memorandum of Understanding/Agreement (MOU/A)
- Memory Scavenging
- Message Authentication Code (MAC)
- Message Digest
- Message Externals
- Message Indicator
- Metrics
- MIME
- Mimicking
- Min-Entropy
- Minimalist Cryptography
- Minor Application
- Misnamed Files
- Mission Assurance Category (MAC)
- Mission Critical
- Mission/Business Segment
- Mobile Code
- Mobile Code Technologies
- Mobile Device
- Mobile Software Agent
- Mode of Operation
- Moderate Impact
- Moderate-Impact System
- Multi-Hop Problem
- Multi-Releasable
- Multifactor Authentication
- Multilevel Device
- Multilevel Mode
- Multilevel Security (MLS)
- Multiple Security Levels (MSL)
- Mutual Authentication
- Mutual Suspicion
- 23 NYCRR 500
- Naming Authority
- National Information Infrastructure
- National Information Assurance Partnership (NIAP)
- National Security Emergency Preparedness Telecommunications Services
- National Security Information
- National Security Information (NSI)
- National Security System
- National Vulnerability Database (NVD)
- Need To Know Determination
- Need-To-Know
- Needs Assessment (IT Security Awareness Training)
- Net-centric Architecture
- Network
- Network Access
- Network Access Control (NAC)
- Network Address Translation (NAT)
- Network Front-End
- Network Reference Monitor
- Network Resilience
- Network Security
- Network Security Officer
- Network Sniffing
- Network Sponsor
- Network System
- Network Weaving
- Nevada Insurance Data Security Law (SB21)
- No-Lone Zone (NLZ)
- Non-deterministic Random Bit Generator (NRBG)
- Non-Local Maintenance
- Non-Organizational User
- Non-repudiation
- Nonce
- North Carolina Cybersecurity Laws
- NSA-Approved Cryptography
- Nth Tier Risk
- Null
- Object
- Object Identifier
- Object Reuse
- Off-Card
- Off-line Attack
- Off-line Cryptosystem
- Official Information
- On-Card
- One-part Code
- One-time Cryptosystem
- One-time Pad
- One-time Tape
- One-Way Hash Algorithm
- Online Attack
- Online Certificate Status Protocol (OCSP)
- Online Cryptosystem
- Open Checklist Interactive Language (OCIL)
- Open Storage
- Open Vulnerability and Assessment Language (OVAL)
- Operating System (OS) Fingerprinting
- Operational Controls
- Operational Key
- Operational Vulnerability Information
- Operational Waiver
- Operations Code
- Operations Security (OPSEC)
- Optional Modification
- Organization
- Organizational Information Security Continuous Monitoring
- Organizational Maintenance
- Organizational Registration Authority (ORA)
- Organizational User
- Outside Threat
- Outside(r) Threat
- Over-The-Air Key Distribution
- Over-The-Air Key Transfer
- Over-The-Air Rekeying (OTAR)
- Overt Channel
- Overt Testing
- Overwrite Procedure
- Packet Filter
- Packet Sniffer
- Parity
- Partitioned Security Mode
- Passive Attack
- Passive Security Testing
- Passive Wiretapping
- Password
- Password Cracking
- Password Protected
- Patch
- Patch Management
- Path Histories
- Payload
- PCI DSS
- Peer Entity Authentication
- Penetration
- Penetration Testing
- Per-Call Key
- Performance Reference Model (PRM)
- Perimeter
- Periods Processing
- Perishable Data
- Permuter
- Personal Firewall
- Personal Identification Number (PIN)
- Personal Identity Verification Issuer
- Personal Identity Verification (PIV)
- Personal Identity Verification Accreditation
- Personal Identity Verification Authorizing Official
- Personal Identity Verification Card (PIV Card)
- Personal Identity Verification Registrar
- Personal Identity Verification Sponsor
- Personally Identifiable Information (PII)
- Personnel Registration Manager
- Phishing
- Physically Isolated Network
- Piconet
- PII Confidentiality Impact Level
- Plaintext
- Plaintext Key
- Plan of Action and Milestones (POA&M)
- Policy Approving Authority (PAA)
- Policy Certification Authority (PCA)
- Policy Management Authority (PMA)
- Policy Mapping
- Policy-Based Access Control (PBAC)
- Port
- Port Scanning
- Portable Electronic Device (PED)
- Portal
- Positive Control Material
- Potential Impact
- Practice Statement
- Precursor
- Prediction Resistance
- Predisposing Condition
- Preproduction Model
- Primary Services Node (PRSN)
- Principal
- Principal Accrediting Authority (PAA)
- Principal Certification Authority (CA)
- Print Suppression
- Privacy
- Privacy Impact Assessment (PIA)
- Privacy System
- Private Key
- Privilege
- Privilege Management
- Privileged Access Management (PAM)
- Privileged Account
- Privileged Accounts
- Privileged Command
- Privileged Process
- Privileged User
- Probability of Occurrence
- Probe
- Product Source Node (PSN)
- Production Model
- Profiling
- Promiscuous Mode
- Proprietary Information (PROPIN)
- Protected Distribution System (PDS)
- Protection Philosophy
- Protection Profile
- Protective Distribution System
- Protective Packaging
- Protective Technologies
- Protocol
- Protocol Data Unit
- Protocol Entity
- Proxy
- Proxy Agent
- Proxy Server
- Pseudonym
- Pseudorandom Number Generator (PRNG)
- Public Domain Software
- Public Key
- Public Key (Asymmetric) Cryptographic Algorithm
- Public Key Certificate
- Public Key Cryptography
- Public Key Enabling (PKE)
- Public Key Infrastructure (PKI)
- Public Seed
- Purge
- Quadrant
- Qualitative Assessment
- Quality of Service
- Quantitative Assessment
- Quarantine
- Radio Frequency Identification (RFID)
- Random Bit Generator (RBG)
- Random Number Generation (RNG)
- Randomizer
- Ransomware
- RBAC
- Read
- Read Access
- Real-Time Reaction
- Recipient Usage Period
- Reciprocity
- Records
- Records Management
- Recovery Point Objective
- Recovery Procedures
- Recovery Time Objective
- RED
- Red Signal
- Red Team
- Red Team Exercise
- Red/Black Concept
- Reference Monitor
- Registration
- Registration Authority (RA)
- Regulatory Requirements
- Rekey
- Rekey (a certificate)
- Release Prefix
- Relying Party
- Remanence
- Remediation
- Remediation Plan
- Remote Access
- Remote Diagnostics/Maintenance
- Remote Maintenance
- Remote Rekeying
- Removable Media
- Renew (a certificate)
- Repair Action
- Replay Attacks
- Repository
- Reserve Keying Material
- Residual Risk
- Residue
- Resilience
- Resource Encapsulation
- Responder
- Responsibility to Provide
- Responsible Individual
- Restricted Data
- Revoke a Certificate
- RFID
- Rijndael
- Risk
- Risk Analysis
- Risk Assessment
- Risk Assessment Methodology
- Risk Assessment Report
- Risk Assessor
- Risk Executive (or Risk Executive Function)
- Risk Management
- Risk Management Framework
- Risk Mitigation
- Risk Model
- Risk Monitoring
- Risk Response
- Risk Response Measure
- Risk Tolerance
- Risk-Adaptable Access Control (RAdAC)
- Robust Security Network (RSN)
- Robust Security Network Association (RSNA)
- Robustness
- Rogue Device
- Role
- Role-Based Access Control (RBAC)
- Root Cause Analysis
- Root Certification Authority
- Rootkit
- Round Key
- Rule-Based Security Policy
- Rules of Engagement (ROE)
- Ruleset
- S-box
- S/MIME
- Safeguarding Statement
- Safeguards
- Salt
- Sandboxing
- Sanitization
- SCADA
- Scanning
- Scatternet
- Scavenging
- Scoping Guidance
- Secret Key
- Secret Key (symmetric) Cryptographic Algorithm
- Secret Seed
- Secure Communication Protocol
- Secure Communications
- Secure DNS (SECDNS)
- Secure Erase
- Secure Hash Algorithm (SHA)
- Secure Hash Standard
- Secure Socket Layer (SSL)
- Secure State
- Secure Subsystem
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Security
- Security Assertion Markup Language (SAML)
- Security Association
- Security Attribute
- Security Authorization
- Security Authorization (To Operate)
- Security Authorization Boundary
- Security Automation Domain
- Security Banner
- Security Categorization
- Security Category
- Security Concept of Operations (Security CONOP)
- Security Content Automation Protocol (SCAP)
- Security Control Assessment
- Security Control Assessor
- Security Control Baseline
- Security Control Effectiveness
- Security Control Enhancements
- Security Control Inheritance
- Security Controls
- Security Controls Baseline
- Security Domain
- Security Engineering
- Security Fault Analysis (SFA)
- Security Features Users Guide (SFUG)
- Security Filter
- Security Functions
- Security Goals
- Security Impact Analysis
- Security Incident
- Security Information and Event Management (SIEM) Tool
- Security Inspection
- Security Kernel
- Security Label
- Security Level
- Security Management Dashboard
- Security Marking
- Security Markings
- Security Mechanism
- Security Net Control Station
- Security Objective
- Security Perimeter
- Security Plan
- Security Policy
- Security Program Plan
- Security Range
- Security Requirements
- Security Requirements Baseline
- Security Safeguards
- Security Service
- Security Specification
- Security Strength
- Security Tag
- Security Target
- Security Test & Evaluation (ST&E)
- Security Testing
- Security-Relevant Change
- Security-Relevant Event
- Security-Relevant Information
- Seed Key
- Semi-Quantitative Assessment
- Sender Policy Framework (SPF)
- Senior Agency Information Security Officer (SAISO)
- Senior Information Security Officer
- Sensitive Compartmented Information (SCI)
- Sensitive Compartmented Information Facility (SCIF)
- Sensitive Information
- Sensitivity
- Sensitivity Label
- Service-Level Agreement
- Shared Secret
- Shielded Enclosure
- Short Title
- Signature
- Signature Certificate
- Signature Generation
- Signature Validation
- Signature Verification
- Signed Data
- Single Point Keying
- Situational Awareness
- Skimming
- Smart Card
- Smishing
- Sniffer
- Social Engineering
- Software
- Software Assurance
- Software System Test and Evaluation Process
- Software-Based Fault Isolation
- Source Code
- Spam
- Spam Filtering Software
- Special Access Program (SAP)
- Special Access Program Facility (SAPF)
- Special Character
- Specification
- Spillage
- Split Knowledge
- Spoofing
- Spread Spectrum
- Spyware
- SRTM - Security Requirements Traceability Matrix
- SSL
- Standard
- Start-Up KEK
- State
- Static Key
- Status Monitoring
- Steganography
- Storage Object
- Strength of Mechanism (SoM)
- Striped Core
- Strong Authentication
- Subassembly
- Subject
- Subject Security Level
- Subordinate Certification Authority
- Subscriber
- Subsystem
- Suite A
- Suite B
- Superencryption
- Superior Certification Authority
- Supersession
- Supervisory Control and Data Acquisition (SCADA)
- Supplementation (Security Controls)
- Supplementation (Assessment Procedures)
- Supply Chain
- Supply Chain Attack
- Suppression Measure
- Surrogate Access
- Syllabary
- Symmetric Encryption Algorithm
- Symmetric Key
- Synchronous Crypto-Operation
- System
- System Administrator
- System Assets
- System Development Methodologies
- System Development Life Cycle (SDLC)
- System High
- System High Mode
- System Indicator
- System Integrity
- System Interconnection
- System Low
- System Of Records
- System Owner
- System Profile
- System Security
- System Security Plan
- System Software
- System-Specific Security Control
- Systems Security Engineering
- Systems Security Officer
- What is Security Posture?
- Tabletop Exercise
- Tactical Data
- Tactical Edge
- Tailored Security Control Baseline
- Tailoring
- Tailoring (Assessment Procedures)
- Tampering
- Technical Controls
- Technical Non-repudiation
- Technical Reference Model(TRM)
- Technical Security Controls
- Technical Vulnerability Information
- Telecommunications
- Telework
- Tempest
- TEMPEST
- TEMPEST Test
- TEMPEST Zone
- Test
- Test Key
- Third-Party Risk Management (TPRM)
- Threat
- Threat Analysis
- Threat Assessment
- Threat Event
- Threat Monitoring
- Threat Scenario
- Threat Shifting
- Threat Source
- Time Bomb
- Time-Compliance Date
- Time-Dependent Password
- TOE Security Functions (TSF)
- TOE Security Policy (TSP)
- Token
- Total Risk
- Tracking Cookie
- Tradecraft Identity
- Traditional INFOSEC Program
- Traffic Analysis
- Traffic Encryption Key (TEK)
- Traffic Padding
- Traffic-Flow Security (TFS)
- Training (Information Security)
- Training Assessment
- Training Effectiveness
- Training Effectiveness Evaluation
- Tranquility
- Transmission
- Transmission Security (TRANSEC)
- Transport Layer Security (TLS)
- Trap Door
- Triple DES
- Trojan Horse
- Trust Agent
- Trust Anchor
- Trust List
- Trusted Agent
- Trusted Certificate
- Trusted Channel
- Trusted Computer System
- Trusted Computing Base (TCB)
- Trusted Distribution
- Trusted Foundry
- Trusted Identification Forwarding
- Trusted Path
- Trusted Platform Module (TPM) Chip
- Trusted Process
- Trusted Recovery
- Trusted Timestamp
- Trustworthiness
- Trustworthy System
- TSEC
- TSEC Nomenclature
- Tunneling
- Two-Part Code
- Two-Person Control (TPC)
- Two-Person Integrity (TPI)
- Type 1 Key
- Type 1 Product
- Type 2 Key
- Type 2 Product
- Type 3 Key
- Type 3 Product
- Type 4 Key
- Type 4 Product
- Type Accreditation
- Type Certification
- U.S. Person
- U.S.-Controlled Facility
- U.S.-Controlled Space
- Unauthorized Access
- Unauthorized Disclosure
- Unclassified
- United States Government Configuration Baseline (USGCB)
- Unsigned data
- Untrusted Process
- Update (a Certificate)
- Update (key)
- US-CERT
- User
- User ID
- User Initialization
- User Partnership Program (UPP)
- User Registration
- User Representative (COMSEC)
- User Representative (Risk Management)
- Warm Site
- Web Bug
- Web Content Filtering Software
- Web Risk Assessment
- White Team
- Whitelist
- Wi-Fi Protected Access-2 (WPA2)
- Wiki
- Wired Equivalent Privacy (WEP)
- Wireless Access Point (WAP)
- Wireless Application Protocol (WAP)
- Wireless Local Area Network – (WLAN)
- Wireless Technology
- Work Factor
- Workcraft Identity
- Worm
- Write
- Write Access
- Write-Blocker
- X.509 Certificate
- X.509 Public Key Certificate
- Zero Fill
- Zeroization
- Zeroize
- Zombie
- Zone Of Control
Alabama Data Breach Law
Alabama Has Various Cyber & Data Breach Laws
Alabama Cyber & Data Breach Laws have been updated. Please visit https://tekrisq.com/alabama-breach-law/
Alabama Data Security & Cyber Regulations are in place and must be observed and practiced by businesses operating there. This is a summary of those regulations and of who must be compliant.
Insurance Agency Regulations:
Alabama Data Security & Cyber Regulations require insurance licensees to abide by the following:
Alabama Dept. Of Insurance Data Security Program Requirements
All Alabama Insurance Licensees are required to be assessed annually for data security and cyber risks.
Business Regulations:
Alabama S.B. 318 (signed into law March 28, 2018)
Effective June 1, 2018
- Enacted in 2018, Alabama’s data breach notification legislation requires entities that acquire or use “sensitive personally identifying information” of Alabama residents to notify affected individuals of an unauthorized acquisition of that data.
- Notification must be made in writing as expeditiously as possible and without unreasonable delay, and no later than 45 days after the entity determines, or receives notice from a third-party agent, that a breach has occurred. Notification is not required if it is determined that the breach is not reasonably likely to cause substantial harm to affected individuals.
- Third-party agents that experience a breach must notify the data owner or licensee they serve within 10 days of discovering it.
- If more than 1,000 individuals must be notified of a breach, breached entities must also notify the Attorney General, and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, as defined in 15 U.S.C. Section 1681a.
- Substitute notice is permitted in specific circumstances and notification may be delayed for law enforcement purposes.
- Entities in compliance with relevant federal or state breach-notification requirements, such as HIPAA or the GLBA, are deemed to comply with this law. They must still provide written notice to the Alabama Attorney General when the number of individuals notified exceeds 1,000.
- Civil penalties as high as $500,000 per breach are stipulated. Failure to properly notify can result in additional penalties of up to $5,000 per day for each consecutive day the entity fails to comply with the notification provisions.
Alabama Data Security & Cyber Regulations also specify the following:
ADDITIONAL DETAILS: Alabama S.B. 318
Application. A person or commercial entity (collectively, Entity) that acquires or uses sensitive personally identifying information.
Security Breach Definition. The unauthorized acquisition of data in electronic form containing sensitive personally identifying information.
- Good-faith acquisition of sensitive personally identifying information by an employee or agent of an Entity is not a security breach, provided that the information is not used for a purpose unrelated to the business or subject to further unauthorized use.
- A security breach also does not include the release of a public record not otherwise subject to confidentiality or nondisclosure requirements, nor does it include any lawful, investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the state, or a political subdivision of the state.
Notification Obligation. Any Entity that determines that, as a result of a breach of security, sensitive personally identifying information has been acquired by an unauthorized person, and is reasonably likely to cause substantial harm to an AL resident to whom the information relates, shall give notice of the breach to each AL resident to whom the information relates.
Notification to Consumer Reporting Agencies. If the number of affected individuals exceeds 1,000, the Entity must notify all consumer reporting agencies without unreasonable delay once it is determined that a breach has occurred and is reasonably likely to cause substantial harm to affected individuals.
Attorney General/Agency Notification. If the number of affected individuals exceeds 1,000, the Entity must notify the Attorney General as expeditiously as possible and without unreasonable delay, and within 45 days once it is determined that a breach has occurred and is reasonably likely to cause substantial harm to affected individuals.
Timing of Notification. Notice shall be made as expeditiously as possible and without unreasonable delay, taking into account the time necessary to conduct an investigation, and within 45 days of discovering that a breach has occurred and is reasonably likely to cause substantial harm to affected individuals.
Personal Information Definition. An AL resident’s first name or first initial and last name, in combination with one or more of the following data elements that relate to the resident, when either the name or the data elements are not truncated, encrypted, secured or modified in a way that removes elements that personally identify an individual or render the data unusable:
- Social Security number;
- Driver’s license number or state identification card number, passport number, military identification number, or other unique identification number issued on a government document used to verify the identity of a specific individual;
- Account number, credit card number or debit card number in combination with any required security code, access code, password, expiration date, or PIN, that is necessary to access the financial account or to conduct a transaction that will credit or debit the financial account;
- Any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
- An individual’s health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual; or
- A user name or email address, in combination with a password or security question and answer that would permit access to an online account affiliated with the Entity that is reasonably likely to contain or is used to obtain sensitive personally identifying information.
Sensitive personally identifying information does not include information about an individual that is lawfully made public by a federal, state, or local government record or widely distributed media.
Notice Required. Notice may be provided by one of the following methods:
- Written notice; or
- Email notice.
Substitute Notice Available. Substitute notice is permitted if the Entity demonstrates that the cost of providing direct notice is excessive relative to the Entity’s resources (a cost exceeding $500,000 is considered excessive), that the number of affected AL residents to be notified exceeds 100,000, or that the Entity does not have sufficient contact information to provide direct notice. Substitute notice shall consist of the following:
- Conspicuous posting of the notice on the website of the Entity if the Entity maintains one, for a period of 30 days; and
- Notice to major print and broadcast media, including major media in urban and rural areas where the affected individuals reside.
Exception: Compliance with Other Laws.
- An Entity subject to or regulated by federal laws, rules, regulations, procedures, or guidance is exempt as long as the Entity: maintains procedures pursuant to those requirements; provides notice to consumers pursuant to those requirements; and timely provides notice to the Attorney General when the number of affected individuals exceeds 1,000.
- An Entity subject to or regulated by state laws, rules, regulations, procedures, or guidance—that are at least as thorough as the notice requirements in this law—is exempt as long as the Entity: maintains procedures pursuant to those requirements; provides notice to consumers pursuant to those requirements; and timely provides notice to the Attorney General when the number of affected individuals exceeds 1,000.
Other Key Provisions:
- Delay for Law Enforcement. Notice may be delayed if a law enforcement agency determines that the notice will impede a criminal investigation or national security, and the law enforcement agency has submitted a written request for the delay. The law enforcement agency may revoke the delay as of a specified date or extend the delay, if necessary.
- Government entities are subject to the Act as well and must provide notice in line with the provisions of the law.
- AG Enforcement. The Attorney General has exclusive authority to bring an action for civil penalties under the Act.
Alabama Data Security & Cyber Regulations are constantly evolving. It’s a good idea to be assessed for compliance no less than annually.