IA Standards
The intent of the IA Standards Knowledge Unit is to provide students with an understanding of the common standards related to information assurance.
Topics
- Map the processes for the creation and/or changes to different types of standards.
- Risks to Privacy
- Open Standards
- OWASP
- Regulations
- NIST 800-53
- Commercial Standards
  a. PCI/DSS
- Laws
  a. HIPAA
  b. FERPA
  c. Sarbanes-Oxley
  d. FISMA
  e. Data breach disclosure laws
Outcomes
- Compare and contrast different types of standards including: laws, regulations, policies, voluntary, and framework-based standards.
- Map the processes for the creation and/or changes to different types of standards.
- Describe the impact of legal/regulatory standards on a given system.
- Describe how standards may be applied and assessed for a sub-contractor or customer.
- List and describe key provisions of common standards.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
| ID | DESCRIPTION |
| --- | --- |
| K0261 | Knowledge of Payment Card Industry (PCI) data security standards. |
| K0262 | Knowledge of Personal Health Information (PHI) data security standards. |
| K0004 | Knowledge of cybersecurity and privacy principles. |
| K0624 | Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) |
| K0341 | Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. |
| K0615 | Knowledge of privacy disclosure statements based on current laws. |

| ID | DESCRIPTION |
| --- | --- |
| S0012 | Skill in conducting knowledge mapping (e.g., map of knowledge repositories). |
| S0147 | Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). |

| ID | DESCRIPTION |
| --- | --- |
| A0112 | Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance. |