IA Standards

The intent of the IA Standards Knowledge Unit is to provide students with an understanding of the common standards related to information assurance.

Topics

  1. Map the processes for the creation and/or changes to different types of standards.
  2. Commercial Standards
       a. PCI/DSS
  3. Laws
       a. HIPAA
       b. FERPA
       c. Sarbanes-Oxley
       d. FISMA
       e. Data breach disclosure laws
  4. Commercial Standards
  5. Laws
  6. Risks to Privacy
  7. Open Standards
  8. OWASP
  9. Regulations
  10. NIST 800-53

Outcomes

  1. Compare and contrast different types of standards including: laws, regulations, policies, voluntary, and framework-based standards.
  2. Map the processes for the creation and/or changes to different types of standards.
  3. Describe the impact of legal/regulatory standards on a given system.
  4. Describe how standards may be applied and assessed for a sub-contractor or customer.
  5. List and describe key provisions of common standards.
  6. Commercial Standards
       a. PCI/DSS

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.

Knowledge

ID     DESCRIPTION
K0261  Knowledge of Payment Card Industry (PCI) data security standards.
K0262  Knowledge of Personal Health Information (PHI) data security standards.
K0004  Knowledge of cybersecurity and privacy principles.
K0624  Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
K0341  Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity.
K0615  Knowledge of privacy disclosure statements based on current laws.

Skills

ID     DESCRIPTION
S0012  Skill in conducting knowledge mapping (e.g., map of knowledge repositories).
S0147  Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

Abilities

ID     DESCRIPTION
A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.

Tasks

ID     DESCRIPTION