Laws and Regulations

If you question them, they will tell you to google the local FBI phone number. When the receptionist answers, ask to be forwarded to <INSERT FBI AGENT AT DOOR NAME HERE>. That will ring the agents cell phone.” https://www.reddit.com/r/NoStupidQuestions/comments/1597z4l/when_an_fbi_or_cia_guy_comes_to_your_door_and/

Three letter agencies and spy agencies around the world will do this, not just NSA

So when I write or say NSA, I generally mean the others inclusively

NSA spy through usb

NSA spy through hdd

Ask yourself this before using a new device (or go through this with your current/old devices): “Does this have telemetry?”

Answer: Majority of the time, the answer is yes

Federal Laws

HIPAA
Sarbanes-Oxley (SOX) Act: corporate finance processes
FISMA government networks security standard
Electronics Communications Privacy Act
PATRIOT Act
Privacy Act of 1974
Cyber Intelligence Sharing and Protection Act (CISPA)
Consumer Data Security and Notification Act
Computer Security Act of 1987
18 U.S.C 1029
18 U.S.C 1030
FERPA: education record
GLBA: personal finance data
DMCA: intellectual property
SPY-Act: license enforcement
CAN-SPAM: email marketing

Standards

PCI-DSS
ISO 27002: Information Security guidelines
CVSS: Common Vulnerability Scoring System (related: CVE: common vulnerabilities and exposure)

Frameworks

NIST Cybersecurity Framework (CSF)
NIST Special Publication (SP) 800-53
FICAM (Federal Identity, Credential, and Access Management)

FICAM is an initiative defined by the U.S. Federal Government to simplify identity and access management across government systems.

NIST controls

NIST Cybersecurity Framework (CSF)

Framework Core (23 activities, 108 distinct outcomes), Framework Implementation Tiers, Framework Profiles

5 functions:

Identify
Protect
Detect
Respond
Recover

Policies

BYOD, bring your own device
COPE, company-owned, personally enabled
CYOD, choose your own device