Microsoft System Center Process Pack for it grc release Notes




Скачать 80.47 Kb.
НазваниеMicrosoft System Center Process Pack for it grc release Notes
Дата26.09.2012
Размер80.47 Kb.
ТипДокументы


Microsoft System Center Process Pack for IT GRC Release Notes
Published: April 2012
© 2012 Microsoft Corporation. All rights reserved.


Contents

§1. Brief Description of the Process Pack for IT GRC

§2. Getting Started

Known Issues

§4. Feedback

§5. Disclaimer

§6. Copyright and License Agreement

§7. Supported Authority Documents


§1. Brief Description of the Process Pack for IT GRC

The Microsoft System Center Process Pack for IT GRC (“Process Pack for IT GRC”) is a Process Pack for Microsoft® System Center Service Manager 2012 that helps automate end-to-end compliance management. The included IT Compliance Management Library contains compliance information that can take advantage of System Center Service Manager’s integration with System Center Configuration Manager to monitor, validate, and report on the compliance state of deployed Microsoft products. Together, these solutions help Microsoft customers understand and bind complex business objectives to their computing infrastructure.

§2. Getting Started

See the Process Pack for IT GRC – Evaluation and Deployment Guide.





§3. Known Issues

The following are known functional issues for this release:

  • Process Pack for IT GRC cannot be uninstalled if Service Manager is uninstalled first. The correct order to uninstall the Process Pack for IT GRC for Service Manager is to first uninstall the Process Pack for IT GRC for Service Manager from default programs in Control Panel and then to uninstall Service Manager.

  • Windows Server 2003 and Windows XP did not correlate Service Pack information with Service Pack build numbers. Please check the results carefully when using DCM (Desired Configuration Management) to check Windows Server 2003 and Windows XP Service Packs; unknown results might display in the SQL Server Reporting service report.

  • Test criteria that are greater than 4000 characters cannot be processed by the Service Manager Console, and can cause it to shut down unexpectedly. A small number of test criteria in this release were initially greater than 4000 characters; these test criteria were truncated in this release to prevent unexpected shutdowns.

  • After the Process Pack for IT GRC add-in successfully installs, an error message may display that indicates Setup has stopped working.

  • Adding related items can only be possible for instances of compliance objects and not to any templates.

  • To add an item under a category or a control objective in the program framework you have to expand the node, or else the added item would not display.

  • Modifying the compliance applicability groups provided in IT Compliance Management Libraries using the Service Manager Console causes the Service Manager console to abnormally terminate or become unresponsive. (9/30/2010)

  • Modifying a program’s General and Framework tabs at the same time may result in a data conflict error message. To resolve this issue, modify each tab separately and apply the changes separately. (9/30/2010)

  • After modifying an existing security role property, such as description, a user who is assigned that security role may not be able to select authorized configuration item types such as Computer, Software Items, and Business Services that were previously available. (9/30/2010)

  • The IT GRC Connector may not complete processing or hang. To resolve this issue, delete the connector instance and recreate it. (9/30/2010)

  • The Visual Studio Tools for Office (VSTO) version 3.0 (used by Microsoft Excel® in the IT GRC Process Pack Client Add-in) does not support 64-bit versions of Microsoft Office System 2010. However, 32-bit versions of Microsoft Office System 2007 and 2010 are supported. (2/2011)

  • When a Program Implementer tries to add scope to a program, they may see the following error “An item with the same key has already been added." The message is misleading because it is a security issue and the PI role cannot add scope to a program. (2/2011)

  • The SP1 version of the IT GRC Excel Client can only be used to connect to an SP1 server. The 1.0 version of the Excel Client Add-in can connect to both a v1.0 server and a SP1 server. (2/2011)

  • If an unshared risk is created and added into a program, the risk will only be visible to the risk’s owner and not visible to the Program Manager. If the risk is added to a category in the program framework, the risk will be visible to Program Manager. (2/2011)

  • Although it is possible to customize both the Risk Management form and the Control Objective form using the Authoring Tool, the customizations will not display. All other forms should work properly after customization. (2/2011)

  • Row deletions in Excel are not allowed. (2/2011)


The following are known performance issues for this release:

  • Importing a large number of control objectives and control activities into a program using the Control Import Wizard can take a considerable amount of time. (9/30/10)

  • Refreshing or publishing a program in the IT GRC Process Pack Client Add-in that is used in Microsoft Excel can take a considerable amount of time if the program contains a large number of control objectives, control activities, or risks. (9/30/10)

  • Expanding information on the Framework tab of a program can take a considerable amount of time if the program contains a large number of control objectives, control activities, or risks. (9/30/10)


§4. Feedback

Send suggestions and comments about this document to secwish@microsoft.com.


§5. Disclaimer

IMPORTANT INFORMATION: The Microsoft System Center Process Pack for IT GRC (“Process Pack for IT GRC”) is designed to facilitate compliance activities conducted by your organization’s IT experts, auditors, accountants, attorneys and other compliance professionals. The software does not replace those professionals. The Process Pack for IT GRC includes some control objectives and authority document citations plus libraries with some control activities and associated product value settings. These objectives, citations, controls and settings do not verify or guarantee fulfillment of your organization’s compliance obligations. It is the responsibility of your organization to choose the objectives, citations, controls and settings to use, modify, add or remove based on guidance from your organization’s compliance professionals. Reports and any other information provided by or generated from the software do not constitute professional compliance advice. You must consult compliance professionals to confirm compliance with specific governance, risk, and compliance authority documents.


§6. Copyright and License Agreement

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.


Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.


This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.


© 2012 Microsoft Corporation. All rights reserved.


Microsoft and Excel are trademarks of the Microsoft group of companies.


All other trademarks are property of their respective owners.


§7. Supported Authority Documents

Below is a full list of all supported authority documents for Process Pack for IT GRC release.

Some authority documents cited in v1.0 and SP1 release are no longer supported in the current Process Pack for IT GRC release, as they have been deprecated.

Each of these documents is cited at the authority document level, except the following 12 are mapped to section-level citation:

  • OGC ITIL: Security Management

  • MOF Service Management Function

  • The Sarbanes-Oxley Act of 2002 (SOX)

  • Payment Card Industry (PCI) Data Security Standard 2.0, Requirements and Security Assessment Procedures

  • Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A

  • ISO/IEC 27002 Code of practice for information security management

  • ISO/IEC 27001 Information Security Management Systems - Requirements

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress

  • Federal Information Security Management Act

  • Federal Risk and Authorization Management Program

  • The Cloud Security Alliance Controls Matrix

  • CobiT




#123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402

TITLE§ 1724 California Civil CodeNRC Regulations (10 CFR) § 73.54 Protection of digital computer and communication systems and networksEFT (Electronic Fund Transfer) Act (Reg. E) SEC 12 CFR 205SEC 12 CFR 229 Availability of Funds and Collection (Check Clearing for the 21st Century)NCUA Guidelines for Safeguarding Member Information, 12 CFR 748Amendments to the FTC Telemarketing Sales Rule, 16 CFR Part 310Telemarketing Sales Rule (TSR), 16 CFR 310Children's Online Privacy Protection Act (COPPA), 16 CFR 312Privacy of Consumer Financial Information, FTC 16 CFR 313Standards for Safeguarding Customer Information; Final Rule, FTC 16 CFR 31416 CFR Part 682 Disposal of consumer report information and recordsRetention of Audit and Review Records, SEC 17 CFR 210.2-06Controls and Procedures, SEC 17 CFR 240.15d-15Reporting Transactions and Holdings, SEC 17 CFR 240.16a-3Recordkeeping rule for securities exchanges, SEC 17 CFR 240.17a-1Records to be made by certain exchange members, brokers, and dealers SEC 17 CFR 240.17a-3Records to be preserved by certain exchange members, brokers, and dealers SEC 17 CFR 240.17a-4Record retention SEC 17 CFR 240.17Ad-7Part II Securities and Exchange Commission 17 CFR Parts 210, 228, 229 and 240 Amendments to Rules Regarding Management's Report on Internal Control Over Financial Reporting; Final RuleDriver's Privacy Protection Act (DPPA), 18 USC 2721Video Privacy Protection Act (VPPA), 18 USC 2710FDA Electronic Records; Electronic Signatures FDA 21 CFR Part 11+D1Family Education Rights Privacy Act (FERPA), 20 USC 123249 CFR Part 1542 - Airport SecurityPrivacy Act of 1974, 5 USC 552aChemical Facility Anti-Terrorism Standards (CFATS), Department of Homeland Security, 6 CFR Part 27ACH (Automated Clearing House) Operating Rules OCC Bulletin 2004-58AICPA Incident Response Plan: Template for Breach of Personal InformationAICPA SAS No. 94, The Effect of Information Technology on the Auditor's Consideration of Internal ControlsAICPA Suitable Trust Services Principles and CriteriaAICPA/CICA Privacy FrameworkAlaska Personal Information Protection Act, Chapter 48American Express Data Security Standard (DSS)Appendix III to OMB Circular No. A-130: Security of Federal Automated Information ResourcesSafety and Soundness Standards, Appendix of OCC 12 CFR 30Argentina Personal Data Protection ActArizona State Law 44-7501. Notification of breach of security systemArkansas Code Title 4 Business and Commercial Law Subtitle 7 Consumer Protection, Chapter 110 Personal Information, §§ 4-110-103 thru 4 -110-105, Personal Information Protection ActArkansas Personal Information Protection Act AR SB 1167Army Regulation 380-19: Information Systems SecurityAustralia Better Practice Guide - Business Continuity ManagementAustralia Privacy Act 1988Australia Spam ActAustralia Spam Act 2003: A practical guide for businessAustralia Telecommunications Act 1997Australian Government ICT Security Manual (ACSI 33)Austria Data Protection ActAustria Telecommunications ActAviation and Transportation Security Act, Public Law 107 Released-71, November 2001Bank Secrecy Act (aka The Currency and Foreign Transaction Reporting Act)Basel II: International Convergence of Capital Measurement and Capital Standards - A Revised FrameworkBBBOnline Code of Online Business PracticesBelgian Law of 8 December 1992 on the protection of privacy in relation to the processing of personaBIS Sound Practices for the Management and Supervision of Operational RiskBosnia Law on Protection of Personal DataBS25999, Guide to Business Continuity ManagementCA Civil Code 1798.84Cable Communications Privacy Act Title 47 § 551California Civil Code § 1798.91 State Prohibitions on Marketing Practices using Medical InformationCalifornia Civil Code Title 1.8 Personal Data Chapter 1 Information Practices Act of 1977 Article 7. Accounting of Disclosures §§ 1798.25-1798.29California Civil Code Title 1.81 Customer Records §§ 1798.80-1798.84California General Security Standard for Businesses CA AB 1950California Information Practice Act, CA SB 1386California OPP Recommended Practices on Notification of Security BreachCalifornia Personal Information: Disclosure to Direct Marketers Act (SB 27)California Public Records Military Veteran Discharge Documents, California Assembly Bill 1798California Public Records Military Veteran Discharge Documents, California Assembly Bill 1798California Senate Bill 20 (2009, Simitian), An act to amend Sections 1798.29 and 1798.82 of the Civil Code, relating to personal informationCanada Personal Information Protection Electronic Documents Act (PIPEDA)Canada Privacy ActCanadian Marketing Association Code of Ethics and Standards of PracticeCERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE)Children's Online Privacy Protection Act of 1998CISWG Information Security Program ElementsClinger-Cohen Act (Information Technology Management Reform Act)CMS Business Partners Systems Security ManualCMS Core Security Requirements (CSR)CMS Information Security Risk Assessment _IS RA_ ProcedureCobiTCobiT 4.1Code of Alabama, Article 10 The Consumer Identity Protection Act, § 13A-8-190 thru § 13A-8-201CODE OF CORPORATE GOVERNANCE 2005Colorado Consumer Credit Solicitation Protection, CO HB 04-1274Colorado Disposal of Personal Identifying Documents C.R.S. 6-1-713Colorado Prohibiting Inclusion of Social Security Number, CO HB 04-1311Colorado Prohibition against Using Identity Information for Unlawful Purpose, CO HB 04-1134Colorado Revised Statutes 6-1-716, Notice of Security BreachColorado Revised Statutes Title 16 Article 5 Section 103 Identity theft victims - definitionsComputer Fraud and Abuse ActComputer Security Incident Handling Guide, NIST SP 800-61Connecticut law Concerning Nondisclosure of Private Tenant Information, CT HB 5184Connecticut law Requiring Consumer Credit Bureaus to Offer Security Freezes, CT SB 650Connecticut Public Act 08-167, An Act Concerning the Confidentiality of Social Security NumbersConnecticut State Law Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade pracConsumer Interests in the Telecommunications Market, Act No. 661Contingency Planning Guide for Information Technology Systems, NIST SP 800-34Controlling the Assault of Non=Solicited Pornography and Marketing Act of 2003Corporate Governance in listed Companies – Clause 49 of the Listing AgreementCorporate Information Security Working Group: Report of the best practices and metrics teams; subcommittee on technology, information policy, intergovernmental relations and the census; Government RefCorporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004COSO Enterprise Risk Management (ERM) Integrated Framework (2004)C-TPAT Supply Chain Security Best Practices CatalogCustoms-Trade Partnership Against Terrorism (C-TPAT) Importer Security CriteriaCzech Republic Personal Data Protection ActDefense Industrial Base Information Assurance StandardDefense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1Delaware Code TITLE 6 Commerce and Trade, Subtitle II Other Laws Relating to Commerce and Trade ,Chapter 12B. Computer Security Breaches, §§ 12B-101 thru 104Denmark Act on Competitive Conditions and Consumer InterestsDenmark, The Act on Processing of Personal DataDesign Criteria Standard for Electronic Records Management Software Application, DOD 5015.2Direct Marketing Association – Privacy PromiseEU Directive on Privacy and Electronic Communications, 2002/58/ECDirective 2003/4/EC Of The European ParliamentEU Directive on Data Protection, 95/46/ECDISA Secure Remote Computing Security Technical Implementation Guide version 1.2DISA Windows Server 2003 Security Checklist Version 6 Release 1.11DISA Windows VISTA Security ChecklistDISA Windows XP Security ChecklistDISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3Disaster / Emergency Management and Business Continuity, NFPA 1600District of Columbia Official Code, Division V Local Business Affairs, Title 28. Commercial Instruments and Transactions, Chapter 38. Consumer Protections, Subchapter II. Consumer Security Breach NotiDOT Physical Security Survey ChecklistEqual Credit Opportunity Act (Reg. B)EU 8th Directive (European SOX)Fair and Accurate Credit Transactions Act of 2003 (FACT Act)Fair Credit Reporting Act (FCRA)FDCC SCAP OVAL Patches - IE7Federal Information Security Management Act of 2002 (FISMA)Federal Information System Controls Audit Manual (FISCAM)Federal Rules of Civil Procedure (2007)FERC Security Program for Hydropower ProjectsFFIEC Guidance on Authentication in an Internet Banking EnvironmentFFIEC IT Examination Handbook – AuditFFIEC IT Examination Handbook – Business Continuity PlanningFFIEC IT Examination Handbook – Development and AcquisitionFFIEC IT Examination Handbook – E-BankingFFIEC IT Examination Handbook – Information SecurityFFIEC IT Examination Handbook – ManagementFFIEC IT Examination Handbook – OperationsFFIEC IT Examination Handbook – Outsourcing Technology ServicesFFIEC IT Examination Handbook – Retail Payment SystemsFFIEC IT Examination Handbook – Supervision of Technology Service ProvidersFFIEC IT Examination Handbook – Wholesale Payment SystemsFinancial Reporting Council, Combined Code on Corporate GovernanceFinland act on the amendment of the Personal Data Act (986/2000)Finland Act on the Protection of Privacy in Electronic CommunicationsFinland Personal Data Protection Act (523/1999)FIPS 140-2, Security Requirements for Cryptographic ModulesFIPS 191, Guideline for the Analysis of Local Area Network (LAN) SecurityFIPS 199, Standards for Security Categorization of Federal Information and Information SystemsFIPS 200, Minimum Security Requirements for Federal Information and Information SystemsFlorida Personal Identification Information/Unlawful Use, FL HB 481Florida Statute 817.5681  Breach of security concerning confidential personal information in third-party possessionFrance Data Processing, Data Files and Individual LibertiesFTC Electronic Signatures in Global and National Commerce Act (ESIGN)FTC FACT Act Red Flags Rule TemplateGAO/PCIE Financial Audit Manual (FAM)General Laws of Massachusetts, Part I, Title XV Chapter 93H, Security BreachesGenerally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14Georgia Code Title 10 Chapter 1 Article 34 § 10-1-911 thru 10-1-915 Notification required upon breach of security regarding personal informationGeorgia Public employees; Fraud, Waste, and Abuse, GA HB 656German Corporate Governance Code ("The Code")German Federal Data Protection ActGramm-Leach-Bliley Act (GLB)Greece Law Protection of personal data and privacy in electronic telecommunications sector (Law 3471)Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks, NIOSH, May 2002, DHHS (NIOSH) Publication No. 2002-139Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68Guide for Assessing the Security Controls in Federal Information Systems,  NIST SP 800-53AGuide for Developing Performance Metrics for Information Security, NIST SP 800-80Guide for Developing Security Plans for Federal Information Systems, NIST SP 800-18Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), NIST SP 800-122Guidelines for Media Sanitization, NIST Special Publication 800-88Guidelines on Cell Phone and PDA Security, NIST Special Publication 800-124Guidelines on Firewalls and Firewall Policy, NIST SP 800-41Hawaii Revised Statute § 487N. Security Breach of Personal InformationHealth Insurance Portability and Accountability Act of 1996 (HIPAA)HIPAA HCFA Internet Security PolicyHong Kong Personal Data (Privacy) OrdinanceHungary Protection of Personal Data and Disclosure of Data of Public InterestIceland Protection of Privacy as regards the Processing of Personal DataIdaho Code Title 28 Commercial Transactions, Chapter 51 Identity TheftIdentity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003IIA Global Technology Audit Guide (GTAG): Information Technology ControlsIIA Global Technology Audit Guide (GTAG):Change and Patch Management Controls: Critical for Organizational SuccessIIA Global Technology Audit Guide (GTAG): Continuous Auditing: Implications for Assurance, Monitoring, and Risk AssessmentIIA Global Technology Audit Guide (GTAG): Management of IT AuditingIIA Global Technology Audit Guide (GTAG): Managing and Auditing Privacy RisksIIA Global Technology Audit Guide (GTAG): Managing and Auditing IT VulnerabilitiesIIA Global Technology Audit Guide (GTAG): Information Technology OutsourcingIIA Global Technology Audit Guide (GTAG): Auditing Application ControlsIllinois Compiled Statutes, Chapter 815, ILCS 530/Personal Information Protection Act.Illinois Personal Information Protection Act IL HB 1633Implementation Guide for OMB Circular A-123 Management’s Responsibility for Internal ControlIndia Information Technology Act (ITA-2000)Indiana Code 24, Article 4.9. Disclosure of Security BreachIndiana Code 24, Notice of Security Breach, Chapter 11Indiana Release of Social Security Number, Notice of Security Breach IN SB 503Information Technology Security Evaluation Criteria (ITSEC)Information Technology Security Evaluation Manual (ITSEM)Internet Security: Distributed Denial of Service Attacks – OCC Alert 2000-1Iowa Code Annotated § 614.4aIowa Code Annotated § 714.16B Civil Cause of ActionIowa Code Annotated § 715C Personal Information Security Breach ProtectionIreland Consolidated Data Protection Acts of 1988 and 2003Ireland Data Protection Act of 1988Ireland Data Protection Amendment 2003IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return InformationIRS Revenue Procedure: Record retention: automatic data processing, 98-25IRS Revenue Procedure: Retention of books and records, 97-22ISACA Cross-Border Privacy Impact AssessmentISACA IS Standards, Guidelines, and Procedures for Auditing and Control ProfessionalsISF Security Audit of NetworksISF Standard of Good Practice for Information SecurityISO 15489-1:2001, Information and Documentation: Records management: Part 1: GeneralISO 15489-2: 2001, Information and Documentation: Records management: Part 2: GuidelinesISO 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technISO 13335-3:1998, Information technology — Guidelines for the management of IT Security — Part 3: Techniques for the management of IT SecurityISO 13335-4:2000, Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguardsISO 13335-5:2001, Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network securityISO/IEC 15408-1:2005 Common Criteria for Information Technology Security Evaluation Part 1ISO/IEC 15408-2:2008 Common Criteria for Information Technology Security Evaluation Part 2ISO/IEC 15408-3:2008 Common Criteria for Information Technology Security Evaluation Part 3ISO 17799:2000, Code of Practice for Information Security ManagementISO 17799:2005 Code of Practice for Information Security ManagementISO/IEC 18045:2005 Common Methodology for Information Technology Security Evaluation Part 3ISO/IEC 18045:2008 Common Methodology for Information Technology Security EvaluationISO/IEC 20000-1:2005 Information technology - Service Management Part 1ISO/IEC 20000-2:2005 Information technology - Service Management Part 2ISO 27001:2005, Information Security Management Systems - RequirementsISO/IEC 27002-2005 Code of practice for information security managementISO 73:2002, Risk Management - VocabularyISSA Generally Accepted Information Security Principles (GAISP)IT Baseline Protection Manual Standard Security Safeguards GermanyIT Service Management Standard - Code of Practice, BS ISO/IEC 20000-2:2005IT Service Management Standard , BS ISO/IEC 20000-1:2005Italy Personal Data Protection CodeItaly Protection of Individuals Other Subject with regard to the Processing of Personal DataJapan Act on the Protection of Personal Information Protection (Law No. 57 of 2003)Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce in the Private Sector (version 1.0)Japan Handbook Concerning Protection Of Personal DataKansas Statutes Chapter 50, Article 7a Protection Of Consumer InformationKentucky Revised Statutes Title III Chapter 15  § 113 Prevention of Identity TheftKentucky Revised Statutes Title XXXVI Chapter 411 § 210 Action for theft of identity or trafficking in stolen identitiesKorea Act on Promotion of Information & Communication Network Utilization and Information Protection, etcKorea Act on the Protection of Personal Information Maintained by Public Agencies 1994Korea Act Relating to Use and Protection of Credit InformationLuxembourg Data Protection LawSpecter-Leahy Personal Data Privacy and Security ActLithuania Law on Legal Protection of Personal DataLouisiana Revised Statutes Title 51 §§ 3073-3074 Database Security Breach Notification LawMaine Revised Statutes Title 10, Part 3 Chapter 210-B Notice of Risk to Personal Data §§Maryland Code of Commercial Law Subtitle 35. Maryland Personal Information Protection Act §14-3501 thru §14-3508Massachusetts 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsMasterCard Electronic Commerce Security Architecture Best PracticesMasterCard Wireless LANs - Security Risks and GuidelinesMexico Federal Personal Data Protection LawMichigan Identity Theft Protection Act, Act 452 of 2004, § 445.61 thru § 445.72aMicrosoft Developer Network Security GlossaryMicrosoft Windows Vista Security Guide Appendix A: Security Group Policy SettingsMinnesota Plastic Card Security Act H.F. 1758Minnesota Statute § 13.055 State Agencies; Disclosure of Breach in SecurityMinnesota Statute § 325E.61 Data Warehouses; Notice Required For Certain DisclosuresMinnesota Statute § 325E.64 Access Devices; Breach of SecurityMissouri Revised Statutes Chapter 407 Merchandising Practices § 407.1500Montana bill to Implement Individual Privacy and to Prevent Identity Theft, MT HB 732Montana Code § 30-14-1701 thru § 30-14-1705 and § 30-14-1721 thru § 30-14-1722; Protection of individual privacy and to impede identity theft as prohibited by § 45-6-332Montana Code § 45-6-332. Theft of identityMulti-Function Device (MFD)and Printer Checklist for Sharing Peripherals Across the Network Security Technical Implementation GuideNASD ManualNational Incident Management System (NIMS), Department of Homeland Security, December 2008Nebraska Revised Statutes § 87-801 thru § 87-807, Data Protection and Consumer Notification of Data Security Breach Act of 2006Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92Nevada Revised Statute Chapter 603A, Security of Personal InformationNevada Security Breach Notification Law, NV SB 347New Hampshire Statute Title XXXI, Chapter 359-C Right to Privacy, Notice of Security BreachNew Jersey Identity Theft Prevention Act, NJ A4001/S1914New Jersey Permanent Statutes Title 56 Security of Personal InformationNew York Disposal of Records Containing Personal Identifying Information NY CLS Gen Bus § 399-hNew York Information Security Breach and Notification ActNew York State General Business Law Chapter 20, Article 39-F, § 899-aaNew Zealand Privacy Act 1993NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006NIST SCAP Microsoft Internet Explorer Version 7.0 OVALNorth American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security StandardsNorth Carolina Security Breach Notification Law (Identity Theft Protection Act of 2005)North Carolina Statutes Chapter 75 Article 2A. Identity Theft Protection Act § 75-60 through § 75-66North Dakota Century Code, CHAPTER 51-30  Notice of Security Breach For Personal InformationNorth Dakota Personal Information Protection Act, ND SB 2251NSA Guide to Securing Microsoft Windows 2000 Group PolicyNSA Guide to Security Microsoft Windows XPNYSE Listed Company ManualOECD / World Bank Technology Risk ChecklistOECD Guidelines on the Protection of Privacy and Transborder Flows of Personal DataOECD Principles of Corporate GovernanceOGC ITIL: Application ManagementOGC ITIL: ICT Infrastructure ManagementOGC ITIL: Planning to Implement Service ManagementOGC ITIL: Security ManagementOGC ITIL: Service DeliveryOGC ITIL: Service SupportOhio Personal information - contact if unauthorized access, OH HB 104Ohio Revised Code Title XIII Chapter 1347 § 1347.12 Agency disclosure of security breach of computerized personal information dataOhio Revised Code Title XIII Chapter 1349 § 1349.19 Private disclosure of security breach of computerized personal information dataOklahoma Administrative Code Title 375 Chapter 40 Oklahoma Identity Theft Passport Program § 375:40-1-1 thru § 375:40-1-11Oklahoma State Law Disclosure of breach of security of computerized personal information, §74-3113.1OMB Circular A-123 Management’s Responsibility for Internal ControlOregon Consumer Identity Theft Protection Act, Senate Bill 583Oregon Revised Statutes Chapter 646a § 646A.600 thru § 646A.624 Identity Theft Protection ActORGANIC LAW 15/1999 of 13 December on the Protection of Personal DataPayment Card Industry (PCI) Data Security Standard Security Audit ProceduresPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder DataPayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data StoragePayment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service ProvidersPayment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment ProceduresPayment Card Industry (PCI) Payment Application Data Security StandardPayment Card Industry Self-Assessment Questionnaire A and Attestation of Compliance No Electronic StPayment Card Industry Self-Assessment Questionnaire B and Attestation of Compliance Imprint MachinesPayment Card Industry Self-Assessment Questionnaire C and Attestation of Compliance Payment ApplicatPayment Card Industry Self-Assessment Questionnaire D and Attestation of Compliance All Other MerchPCAOB Auditing Standard No. 2PCAOB Auditing Standard No. 3PCAOB Auditing Standard No. 5PCI DSS (Payment Card Industry Data Security Standard)PCI DSS Security Scanning ProceduresPennsylvania Statutes Title 73 – Trade and Commerce Chapter 43 – Breach of Personal Information Notification Act § 2301 thru § 2329Performance Measurement Guide for Information Security, NIST 800-55 Rev. 1Poland Protection of Personal Data ActPortuguese Act on the Protection of Personal Data 67/98Protection of Assets Manual, ASIS InternationalPuerto Rico Code Title 10 Subtitle 3 Chapter Citizen Information on Data Banks Security Act, 10 L.P.R.A. § 4051Recommended Security Controls for Federal Information Systems, NIST SP 800-53Responsible Care Security Code of Management Practices, American Chemistry CouncilRevised Code of Washington Title 19 Chapter 19.215 Disposal of personal information § 19.215.005 thru § 19.215.030Revised Code of Washington Title 19 Chapter 19.255 Personal information - notice of security breaches § 19.255.010Rhode Island General Law Chapter 11-49.2 Identity Theft Protection § 11-49.2-1 thru § 11-49. 2-4Rhode Island Security Breach Notification Law, RI HB 6191Risk Management Guide for Information Technology Systems, NIST SP 800- 30SAS 109, Understanding the Entity and Its Environment and Assessing the Risks of Material MisstatementSAS 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence ObtainedSecurities Act of 1933Securities Exchange Act of 1934Security Considerations in the Information System Development Life Cycle, NIST SP 800-64Security Metrics Guide for Information Technology Systems, NIST SP 800-55Security Self-Assessment Guide, NIST SP 800-26Slovak Republic Protection of Personal Data in Information SystemsSmith Guidance on Audit Committees, UK FRCSouth Carolina Code of Laws § 1-11-490 Breach of security of state agency data notificationSouth Carolina Code of Laws § 16-13-512 Credit Card and § 39-1-90 Breach of security of business data notificationState of Arizona Standard P800-S880, Revision 2.0: Media Sanitation/DisposalState Prohibitions on Marketing Practices using Medical Information (CA SB1633)Sweden Personal Data Act (1998:204)Swedish Code of Corporate Governance; A Proposal by the Code GroupSwitzerland Federal Act on Data ProtectionSystem Security Plan (SSP) ProcedureTaiwan Computer-Processed Personal Data Protection Law 1995Technology Risk Management Guide for Bank Examiners – OCC Bulletin 98-3Tennessee Code Title 47 Chapter 18 Part 21 Identity Theft Deterrence § 47-18-2101 thru § 47-18-2110Tennessee Security Breach Notification, TN SB 2220Texas Business and Commerce Code, secs. 48.102, 48.103Texas Business and Commercial Code Title 11, Subtitle B, Chapter 521 Subchapter A § 521Texas Identity Theft Enforcement and Protection Act, TX SB 122The DIRKS Manual: A Strategic Approach to Managing Business InformationThe Dutch corporate governance code, Principles of good corporate governance and best practice provisionsThe GAIT MethodologyThe King Committee on Corporate Governance, Executive Summary of the King Report 2002The National Strategy to Secure CyberspaceThe Sarbanes-Oxley Act of 2002The Sedona Principles Addressing Electronic Document ProductionThe Standard of Good Practice for Information SecurityTITLE 49, Subtitle VII - Aviation ProgramsTransportation Security Administration (TSA) Security Guidelines for General Aviation Airports, Information Publication A-001, May 2004Turnbull Guidance on Internal Control, UK FRCUK Data Protection Act of 1998UN Guidelines for the Regulation of Computerized Personal Data Files (1990)Underlying Technical Models for Information Technology Security, SP 800-33Uniform Electronic Transactions Act (UETA) (1999)Uniform Rules of Evidence ActUS Department of Commerce EU Safe Harbor Privacy PrinciplesUS Department of Energy Cyber Security Program Media Clearing, Purging, and Destruction Guidance: DOE CIO Guidance CS-11US Export Administration Regulations DatabaseUS The International Traffic in Arms RegulationsUtah Protection of Personal Information Act, Utah Code § Title 13-44. Protection of Personal Information ActVermont Relating to Identity Theft , VT HB 327Vermont Statute Title 9 Chapter 62 Protection of Personal Information § 2430, § 2435, § 2440, § 2445Virgin Islands Code Tittle 14 Chapter 110 The Identity Theft Prevention Act § 2201 thru § 2211Virginia Code Title 18.2 Chapter 6 Breach of personal information notification § 18.2-186.6Virginia Identity theft; penalty; restitution; victim assistance, VA HB 872VISA CISP: What to Do If Compromised Visa Fraud Control and Investigation ProceduresVisa Data Field EncryptionVISA E-Commerce Merchants Guide to Risk Management Tools and Best Practices for Building a Secure Internet BusinessVISA Incident Response Procedure for Account CompromiseVisa Payment Application Best Practices (PABP)Washington DC Consumer Personal Information Security Breach Notification Act of 2006Washington Notice of a breach of the security, WA SB 6043West Virginia Code Chapter 46A Article 2A Breach of Security of Consumer Information § 46A-2A-101 thru § 46A-2A-105Wisconsin Act 138 Notice of unauthorized acquisition of personal informationWisconsin Statute Chapter 134 Notice of unauthorized acquisition of personal information § 134.98Wyoming Statute Title 40 Article 5 Breach of the security of the data system § 40-12-501 thru § 40-12-509

URL LINKhttp://www.leginfo.ca.gov/pub/07-08/bill/asm/ab_0751-0800/ab_779_bill_20070410_amended_asm_v98.pdfhttp://www.nrc.gov/reading-rm/doc-collections/cfr/part073/part073-0054.htmlhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=635f26c4af3e2fe4327fd25ef4cb5638&tpl=/ecfrbrowse/Title12/12cfr205_main_02.tplhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=91f3f63db5cf1624698533e65e823221&rgn=div5&view=text&node=12:3.0.1.1.10&idno=12#12:3.0.1.1.10.4.8.11.30http://www.ffiec.gov/exam/InfoBase/documents/02-ncu-12_cfr_748_app_a_safeguard_info-010100.pdfhttp://www.ftc.gov/bcp/rulemaking/tsr/http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=bf60e7b87681ffcbf1030185f246d305&rgn=div5&view=text&node=16:1.0.1.3.34&idno=16http://www.gpo.gov/nara/cfr/waisidx_03/16cfr312_03.htmlhttp://www.ftc.gov/os/2000/05/65fr33645.pdfhttp://www.ftc.gov/os/2002/05/67fr36585.pdfhttp://www.access.gpo.gov/nara/cfr/waisidx_05/16cfr682_05.htmlhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=1e057afa900af722d0a59a28773472ed&rgn=div8&view=text&node=17:2.0.1.1.8.0.18.9&idno=17http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=c446d97494e9cd1d9bd0f1c628456f00;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.87.310;idno=17;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=3fc1d2e7d4a2c838ca758408923105a8;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.90.348;idno=17;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=8a707a87faf38f7d2846d9b026ef323e;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.94.371;idno=17;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=45bcefcbca5a2961e1cee9a9cb01b160;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.94.373;idno=17;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=90722b0e4f8ff362197b60c394489ce4;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.94.375;idno=17;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=c81f9f1046cb6bc1569a5db1ff1cb3ca;rgn=div8;view=text;node=17%3A3.0.1.1.1.2.97.421;idno=17;cc=ecfrhttp://www.sec.gov/rules/final/2007/33-8809fr.pdfhttp://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002721----000-.htmlhttp://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002710----000-.htmlhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=a486dc03a379dd084f837db8a3150cf2&rgn=div5&view=text&node=21:1.0.1.1.7&idno=21http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr;sid=432bbda77876ee638be366c1091527ec;rgn=div5;view=text;node=34%3A1.1.1.1.34;idno=34;cc=ecfrhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=4f4fe996be869c46e7a2469576734601&rgn=div5&view=text&node=49:9.1.3.5.10&idno=49http://www.usdoj.gov/opcl/privacyact1974.htmhttp://www.dhs.gov/xprevprot/laws/gc_1166796969417.shtmhttp://www.occ.treas.gov/ftp/bulletin/2004-58.txthttp://www.cica.ca/multimedia/Download_Library/Research_Guidance/Privacy/English/Incident_Response_Plan_May_2005.pdfhttp://www.aicpa.org/pubs/cpaltr/jun2001/auditing.htmhttp://www.aicpa.org/download/trust_services/final-Trust-Services.pdfhttp://ftp.aicpa.org/CSC/infotech/Privacy/3A_01a.pdfhttp://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDFhttps://www209.americanexpress.com/merchant/singlevoice/dsw/FrontServlet?request_type=dsw&pg_nm=merchinfo&ln=en&frm=UShttp://www.whitehouse.gov/omb/circulars/a130/a130appendix_iii.htmlhttp://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=55f63dbb4ec993a25080b4cb3eb14e06&rgn=div5&view=text&node=12:1.0.1.1.28&idno=12http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-61939http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/07501.htm&Title=44&DocType=ARShttp://www.arkleg.state.ar.us/SearchCenter/Pages/ArkansasCodeSearchResultPage.aspx?name=4-110-103.Definitions.ftp://www.arkleg.state.ar.us/acts/2005/public/Act1526.pdfhttp://www.fas.org/irp/doddir/army/r380_19.pdfhttp://www.anao.gov.au/uploads/documents/Business_Continuity_Management.pdfhttp://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/framelodgmentattachments/782CE59D0E879E1ACA2571FE001D50E6http://www.austlii.edu.au/au/legis/cth/consol_act/sa200366/http://www.acma.gov.au/acmainterwr/consumer_info/frequently_asked_questions/spam_business_practical_guide.pdfhttp://www.comlaw.gov.au/ComLaw/Legislation/ActCompilation1.nsf/framelodgmentattachments/40762BCB845F1313CA2570F2007B810Chttp://www.dsd.gov.au/_lib/pdf_doc/acsi33/acsi33_changes_u.rtfhttp://www.dsk.gv.at/site/6230/default.aspxhttp://www.rtr.at/en/tk/TKG2003/TKG_2003_eng.pdfhttp://www.tsa.gov/assets/pdf/Aviation_and_Transportation_Security_Act_ATSA_Public_Law_107_1771.pdfhttp://www.occ.treas.gov/handbook/bsa.pdfhttp://www.bis.org/publ/bcbs128.pdfhttp://www.bbbonline.org/reliability/code/CodeEnglish.dochttp://www.privacycommission.be/en/static/pdf/wetgeving/privacywet-en-input-website-220109.pdfhttp://www.bis.org/publ/bcbs96.pdfhttp://www.privacyinternational.org/countries/bosnia/bosnia-dpa.htmlhttp://www.thebci.org/pas56.htmhttp://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84http://www4.law.cornell.edu/uscode/html/uscode47/usc_sec_47_00000551----000-.htmlhttp://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.91http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.25-1798.29http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84http://info.sen.ca.gov/pub/03-04/bill/asm/ab_1901-1950/ab_1950_bill_20040929_chaptered.pdfhttp://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.htmlhttp://www.oispp.ca.gov/consumer_privacy/pdf/secbreach.pdfhttp://info.sen.ca.gov/cgi-bin/postquery?bill_number=sb_27&sess=0304&house=B&site=senhttp://info.sen.ca.gov/pub/01-02/bill/asm/ab_1751-1800/ab_1798_bill_20020424_amended_asm.pdfhttp://info.sen.ca.gov/pub/01-02/bill/asm/ab_1751-1800/ab_1798_bill_20020626_amended_sen.pdfhttp://info.sen.ca.gov/pub/09-10/bill/sen/sb_0001-0050/sb_20_bill_20090908_enrolled.htmlhttp://laws.justice.gc.ca/en/ShowTdm/cs/P-8.6///enhttp://laws.justice.gc.ca/en/ShowTdm/cs/p-21///enhttp://www.the-cma.org/?WCE=C=47%7CK=225849http://www.cert.org/octave/http://www.ftc.gov/ogc/coppa1.htmhttp://www.cisecurity.org/Documents/BPMetricsTeamReportFinal111704Rev11005.pdfhttp://www.cio.gov/Documents/it_management_reform_act_Feb_1996.htmlhttp://www.cms.hhs.gov/manuals/downloads/117_systems_security.pdfhttp://wedi.org/cmsUploads/pdfUpload/WEDIBulletin/pub/Copy_of_CSR_HIPAAMatrixFeb05final.pdfhttp://www.cms.hhs.gov/informationsecurity/downloads/IS_RA_Procedure.pdfhttp://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/COBIT6/Obtain_COBIT/Obtain_COBIT.htmhttp://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/COBIT6/Obtain_COBIT/Obtain_COBIT.htmhttp://alisondb.legislature.state.al.us/acas/CodeOfAlabama/1975/147638.htmhttp://www.ecgi.org/codes/documents/singapore_ccg_2005.pdfhttp://www.state.co.us/gov_dir/leg_dir/olls/sl2004a/sl_205.htmhttp://www.michie.com/colorado/lpext.dll/cocode/2/98ff/9921/9923/9cc7/9dbf?f=templates&fn=document-frame.htm&2.0#JD_6-1-713http://www.state.co.us/gov_dir/leg_dir/olls/sl2004a/sl_393.htmhttp://www.state.co.us/gov_dir/leg_dir/olls/sl2004a/sl_365.htmhttp://www.michie.com/colorado/lpext.dll?f=templates&fn=main-h.htm&cp=http://www.michie.com/colorado/lpext.dll/cocode/2/29af3/29b24/2a406/2a420/2a43e?f=templates&fn=document-frame.htm&2.0#JD_16-5-103http://www.law.cornell.edu/uscode/18/1030.htmlhttp://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdfhttp://www.cga.ct.gov/2004/act/Pa/2004PA-00119-R00HB-05184-PA.htmhttp://www.cga.ct.gov/2005/act/Pa/2005PA-00148-R00SB-00650-PA.htmhttp://www.cga.ct.gov/2008/ACT/Pa/pdf/2008PA-00167-R00HB-05658-PA.pdfhttp://www.cga.ct.gov/2009/pub/chap669.htm#Sec36a-701b.htmhttp://en.itst.dk/numbering-issues-and-domain-aspects/legal-mattershttp://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdfhttp://www.spamlaws.com/f/pdf/pl108-187.pdfhttp://www.bseindia.com/downloads/CorpGov281004.ziphttp://net.educause.edu/ir/library/pdf/CSD3661.pdfhttp://www.comlaw.gov.au/comlaw/management.nsf/lookupindexpagesbyid/IP200402596?OpenDocumenthttps://www.cpa2biz.com/CS2000/Products/CPA2BIZ/Publications/COSO+Enterprise+Risk+Management+-+Integrated+Framework.htmhttp://www.pac-am.com/docs/CTPATBestPractices.pdfhttp://www.cbp.gov/xp/cgov/trade/cargo_security/ctpat/security_criteria/criteria_importers/ctpat_importer_criteria.xmlhttp://ec.europa.eu/justice_home/fsj/privacy/docs/implementation/czech_republic_act_101_en.pdfhttp://www.dhs.gov/xlibrary/assets/DIB_SSP_5_21_07.pdfhttp://iase.disa.mil/stigs/stig/UNISYS-STIG-V7R2.dochttp://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdfhttp://delcode.delaware.gov/title6/c012b/index.shtmlhttp://en.vtu.dk/acts/act-on-competitive-conditions-and-consumer-interest-in-the-telecommunications-market-a7114http://www.datatilsynet.dk/english/the-act-on-processing-of-personal-data/http://jitc.fhu.disa.mil/recmgt/p50152s2.pdfhttp://www.the-dma.org/privacy/index.shtmlhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTMLhttp://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:041:0026:0032:EN:PDFhttp://www.cdt.org/privacy/eudirective/EU_Directive_.htmlhttp://iase.disa.mil/stigs/stig/src-stig-v1r2.pdfhttp://iase.disa.mil/stigs/stig/win2k-XP-03-vista-addendumv6r1-052107.dochttp://iase.disa.mil/stigs/stig/win2k-XP-03-vista-addendumv6r1-052107.dochttp://iase.disa.mil/stigs/checklist/windows_xp_checklist_v6r1-11_20090424.ziphttp://iase.disa.mil/stigs/stig/wireless_stig_v5r2.pdfhttp://iase.disa.mil/stigs/checklist/wireless_stig_good_mobile_messaging_checklist_v5r2-3_final_14apr2009.pdfhttp://www.nfpa.org/assets/files/pdf/nfpa1600.pdfhttp://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdfhttp://transit-safety.volpe.dot.gov/training/Archived/EPSSeminarReg/CD/Documents/OHIO_DOT/physicalsecurity.dochttp://www.fdic.gov/regulations/laws/rules/6500-2900.htmlhttp://www.8th-company-law-directive.com/8thCompanyLaw.htmhttp://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_public_laws&docid=f:publ159.108http://www.ftc.gov/os/statutes/031224fcra.pdfhttp://nvd.nist.gov/chklst_detail.cfm?config_id=171http://csrc.nist.gov/drivers/documents/FISMA-final.pdfhttp://www.gao.gov/new.items/d09232g.pdfhttp://www.law.cornell.edu/rules/frcp/http://www.ferc.gov/industries/hydropower/safety/guidelines/security/securitytext.pdfhttp://www.ffiec.gov/pdf/authentication_guidance.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/audit/audit.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/bcp/bus_continuity_plan.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/d_a/d_and_a.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/e_banking/e_banking.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/information_security/information_security.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/mang/mang.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/operations/operation.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/outsourcing/Outsourcing_Booklet.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/Retail/retail.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/tsp/tech_ser_provider.pdfhttp://www.ffiec.gov/ffiecinfobase/booklets/Wholesale/whole.pdfhttp://www.frc.org.uk/documents/pagemanager/frc/Combined_Code_June_2008/Combined%20Code%20Web%20Optimized%20June%202008(2).pdfhttp://www.tietosuoja.fi/uploads/p9qzq7zr3xxmm9j.rtfhttp://www.finlex.fi/en/laki/kaannokset/2004/en20040516.pdfhttp://www.tietosuoja.fi/uploads/hopxtvf.HTMhttp://csrc.nist.gov/publications/fips/fips140-2/Fips140-2.ziphttp://csrc.nist.gov/publications/fips/fips191/fips191.pdfhttp://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdfhttp://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdfhttp://www.myfloridahouse.gov/Sections/Bills/billsdetail.aspx?BillId=15974http://www.leg.state.fl.us/statutes/index.cfm?mode=View%20Statutes&SubMenu=1&App_mode=Display_Statute&Search_String=breach+of+security&URL=CH0817/Sec5681.HTMhttp://www.cnil.fr/fileadmin/documents/en/Act78-17VA.pdfhttp://www.ftc.gov/os/2001/06/esign7.htmhttp://www.finra.org/Industry/Issues/CustomerInformationProtection/p118480http://www.gao.gov/special.pubs/gaopcie/http://www.mass.gov/legis/laws/mgl/gl-93h-toc.htmhttp://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdfhttp://www.legis.state.ga.us/legis/2005_06/fulltext/sb230.htmhttp://www.legis.state.ga.us/legis/2005_06/fulltext/hb656.htmhttp://www.corporate-governance-code.de/eng/download/E_Kodex%202008_final.pdfhttp://www.bdd.de/Download/bdsg_eng.pdf

https://www.datenschutzzentrum.de/material/recht/eu-datenschutzrichlinie-eng.htm

https://www.datenschutzzentrum.de/material/recht/bdsg.htm

https://www.datenschutzzentrum.de/material/recht/ldsg-eng.htm http://www.ftc.gov/privacy/glbact/glbsub1.htmhttp://www.dpa.gr/pls/portal/docs/PAGE/APDPX/ENGLISH_INDEX/LEGAL%20FRAMEWORK/LAW%203471-2006-EN.PDFhttp://www.cdc.gov/niosh/docs/2002-139/pdfs/2002-139.pdfhttp://csrc.nist.gov/itsec/SP800-68r1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-53A/SP800-53A-final-sz.pdfhttp://csrc.nist.gov/publications/drafts.html#sp800-80http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdfhttp://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol2-Rev1.pdfhttp://csrc.nist.gov/publications/drafts/800-122/Draft-SP800-122.pdfhttp://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdfhttp://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdfhttp://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdfhttp://www.capitol.hawaii.gov/hrscurrent/Vol11_Ch0476-0490/HRS0487N/http://www.cms.hhs.gov/HIPAAGenInfo/Downloads/HIPAALaw.pdfhttp://csrc.nist.gov/groups/SMA/fasp/documents/policy_procedure/internet_policy.pdfhttp://www.pco.org.hk/textonly/english/ordinance/section_01.htmlhttp://abiweb.obh.hu/dpc/index.php?menu=gyoker/relevant/national/1992_LXIIIhttp://www.personuvernd.is/information-in-english/greinar//nr/438http://www3.state.id.us/idstat/TOC/28051KTOC.htmlhttp://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdfhttp://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag1/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag2/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag3/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag4/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag5/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag6/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag7/http://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gtag/gtag8/http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=2702&ChapAct=815%26nbsp%3BILCS%26nbsp%3B530%2F&ChapterID=67&ChapterName=BUSINESS+TRANSACTIONS&ActName=Personal+Information+Protection+Act%2Ehttp://www.ilga.gov/legislation/publicacts/fulltext.asp?Name=094-0036http://www.cfoc.gov/index.cfm?function=specdoc&id=Implementation%20Guide%20for%20OMB%20Circular%20A-123&structure=OMB%20Documents%20and%20Guidance&category=Guideshttp://www.naavi.org/ita_2006/compare_ita2000_vs_ita2006/index.htmhttp://www.in.gov/legislative/ic/code/title24/ar4.9/http://www.in.gov/legislative/ic/code/title4/ar1/ch11.htmlhttp://www.in.gov/legislative/bills/2005/SE/SE0503.1.htmlhttp://www.iwar.org.uk/comsec/resources/standards/itsec.htmhttp://www.bsi.bund.de/zertifiz/itkrit/itsem-en.pdfhttp://www.occ.treas.gov/ftp/alert/2000-1.txthttp://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=IowaCode&ga=83&input=614#614.4Ahttp://www.legis.state.ia.us/IACODE/2001SUPPLEMENT/714/16B.htmlhttp://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=IowaCode&ga=83http://www.dataprotection.ie/documents/legal/DPAConsolMay09.pdfhttp://www.irishstatutebook.ie/1988/en/act/pub/0025/index.htmlhttp://www.irishstatutebook.ie/2003/en/act/pub/0006/index.htmlhttp://www.irs.gov/pub/irs-pdf/p1075.pdfhttp://www.unclefed.com/Tax-Bulls/1998/rp98-25.pdfhttp://www.recapinc.com/irs_97-22.htmhttp://www.isaca.org/Template.cfm?Section=Home&CONTENTID=17226&TEMPLATE=/ContentManagement/ContentDisplay.cfmhttp://www.isaca.org/AMTemplate.cfm?Section=Standards2&Template=/ContentManagement/ContentDisplay.cfm&ContentID=27785 https://www.isfsecuritystandard.com/SOGP07/index.htmhttp://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=31908http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=35845http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39066http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=21756http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=29240http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=31142http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=40612&ICS1=35&ICS2=40&ICS3=http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=46414http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=46413http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40&ICS3=http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40&ICS3=http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=46412http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=46412http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=41332http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=41333http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=42103&ICS1=35&ICS2=40&ICS3http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50297http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=34998http://all.net/books/standards/GAISP-v30.pdfhttp://www.iwar.org.uk/comsec/resources/standards/germany/itbpm/menue.htmhttp://20000.standardsdirect.org/http://20000.standardsdirect.org/http://www.garanteprivacy.it/garante/document?ID=311066http://www.euroacustici.org/eng/Privacy.pdfhttp://www5.cao.go.jp/seikatsu/kojin/foreign/act.pdfhttp://www.ecom.jp/ecom_e/report/full/personal.pdfhttp://www.meti.go.jp/english/information/downloadfiles/Taro9-eng.pdfhttp://kansasstatutes.lesterama.org/Chapter_50/Article_7a/http://www.lrc.ky.gov/KRS/015-00/113.PDFhttp://www.lrc.ky.gov/KRS/411-00/210.PDFhttp://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN025694.pdfhttp://www.glin.gov/view.action?glinID=202097http://www.glin.gov/view.action?glinID=99460http://www.cnpd.lu/objets/en/doc_loi02082002mod_en.pdf#zoom=125,0,0http://leahy.senate.gov/press/200506/062905a.htmlhttp://www.ada.lt/images/cms/File/pers.data.prot.law.pdfhttp://www.legis.state.la.us/lss/lss.asp?doc=322029http://www.mainelegislature.org/legis/statutes/10/title10ch210-Bsec0.htmlhttp://www.michie.com/maryland/lpext.dll?f=templates&fn=main-h.htm&cp=mdcodehttp://www.mass.gov/Eoca/docs/idtheft/201CMR17amended.pdfhttp://www.powerpay.biz/docs/risk/MC_best_practices_online.pdfhttp://www.mastercard.com/us/sdp/assets/pdf/wl_entire_manual.pdfhttps://www.agpd.es/upload/English_Resources/Mexico_declaration.pdfhttp://legislature.mi.gov/doc.aspx?mcl-Act-452-of-2004http://msdn.microsoft.com/en-us/library/ms721607(VS.85).aspxhttp://technet.microsoft.com/en-us/bb629420.aspxhttps://www.revisor.leg.state.mn.us/bin/bldbill.php?bill=H1758.4.html&session=ls85http://www.revisor.leg.state.mn.us/data/revisor/statute/2008/013/2008-13.055.pdfhttps://www.revisor.leg.state.mn.us/statutes/?id=325E.61#stat.325E.61https://www.revisor.leg.state.mn.us/statutes/?id=325E.64http://www.moga.mo.gov/statutes/c400-499/4070001500.htmhttp://data.opi.state.mt.us/BILLS/2005/BillPDF/HB0732.pdfhttp://data.opi.state.mt.us/bills/mca_toc/30_14_17.htmhttp://data.opi.state.mt.us/bills/mca/45/6/45-6-332.htmhttp://iase.disa.mil/stigs/checklist/span_mfd_checklist_v1r1-3_04_15_2009.pdfhttp://onlinestore.cch.com/default.asp?ProductID=1926http://www.fema.gov/pdf/emergency/nims/NIMS_core.pdfhttp://www.legislature.ne.gov/laws/browse-chapters.php?chapter=87http://www.dutchdpa.nl/downloads_wetten/wbp.pdf?refer=true&theme=purplehttp://www.leg.state.nv.us/NRS/NRS-603A.htmlhttp://www.leg.state.nv.us/73rd/bills/SB/SB347_EN.pdfhttp://www.gencourt.state.nh.us/rsa/html/XXXI/359-C/359-C-mrg.htmhttp://www.njleg.state.nj.us/2004/Bills/A3500/4001_I1.PDFhttp://www.njleg.state.nj.us/2004/Bills/PL05/226_.HTMhttp://it.rockefeller.edu/pdf/disposal.pdfhttp://www.cscic.state.ny.us/security/securitybreach/http://www.cscic.state.ny.us/lib/laws/documents/899-aa.pdfhttp://www.legislation.govt.nz/act/public/1993/0028/latest/DLM296639.htmlhttp://www.dtic.mil/whs/directives/corres/html/522022m.htmhttp://nvd.nist.gov/chklst_detail.cfm?config_id=148http://www.nerc.com/page.php?cid=2%7C20http://www.ncleg.net/Sessions/2005/Bills/Senate/PDF/S1048v2.pdfhttp://www.ncga.state.nc.us/EnactedLegislation/Statutes/HTML/ByArticle/Chapter_75/Article_2A.htmlhttp://www.legis.nd.gov/cencode/t51c30.pdfhttp://www.legis.nd.gov/assembly/59-2005/bill-text/FRBS0500.pdfhttp://www.nsa.gov/ia/_files/os/win2k/w2k_group_policy.pdfhttp://www.nsa.gov/ia/_files/os/winxp/Windows_XP_Security_Guide_v2.2.ziphttp://nysemanual.nyse.com/lcm/http://www.infragard.net/library/pdfs/technologyrisklist.pdfhttp://www.oecd.org/document/18/0,2340,en_17642234_17642806_1815186_1_1_1_1,00.htmlhttp://www.oecd.org/DATAOECD/32/18/31557724.pdfhttp://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449817http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449815http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449809http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449811http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449807http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/ITIL-Version-2/?DI=610977#GEMS6449805http://www.legislature.state.oh.us/BillText126/126_HB_104_EN_N.pdfhttp://codes.ohio.gov/orc/1347.12http://codes.ohio.gov/orc/1349.19http://www.oar.state.ok.us/oar/codedoc02.nsf/All/0941DE046451FFD3862575F400119991?OpenDocumenthttp://www2.lsb.state.ok.us/os/os_74-3113.1.rtfhttp://www.whitehouse.gov/OMB/circulars/a123/a123_rev.htmlhttp://www.leg.state.or.us/07reg/measpdf/sb0500.dir/sb0583.b.pdfhttp://www.leg.state.or.us/ors/646a.htmlhttps://www.agpd.es/upload/Ley%20Org%E1nica%2015-99_ingles.pdfhttps://www.pcisecuritystandards.org/pdfs/pci_audit_procedures_v1-1.pdfhttps://www.pcisecuritystandards.org/docs/pci_saq_a.dochttps://www.pcisecuritystandards.org/docs/pci_saq_b.dochttps://www.pcisecuritystandards.org/docs/pci_saq_c.dochttps://www.pcisecuritystandards.org/docs/pci_saq_d.dochttps://www.pcisecuritystandards.org/security_standards/pci_dss_download_agreement.htmlhttps://www.pcisecuritystandards.org/pdfs/pci_pa-dss_security_audit_procedures_v1-1.pdfhttps://www.pcisecuritystandards.org/docs/saq_a_v1-1.dochttps://www.pcisecuritystandards.org/docs/saq_b_v1-1.dochttps://www.pcisecuritystandards.org/docs/saq_c_v1-1.dochttps://www.pcisecuritystandards.org/docs/saq_d_v1-1.dochttp://www.pcaobus.org/Rules/Rules_of_the_Board/Auditing_Standard_2.pdfhttp://www.pcaobus.org/Rules/Rules_of_the_Board/Auditing_Standard_3.pdfhttp://www.pcaobus.org/Rules/Rules_of_the_Board/Auditing_Standard_5.pdfhttps://www.pcisecuritystandards.org/security_standards/pci_dss_download_agreement.htmlhttps://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdfhttp://www.schwartzandballen.com/ImportedLawsBills/Pennsylvania%20Security%20Breach.pdfhttp://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdfhttp://www.giodo.gov.pl/plik/id_p/61/j/en/http://www.cnpd.pt/english/bin/legislation/Law6798EN.HTMhttp://www.protectionofassets.com/http://www.schwartzandballen.com/ImportedDocs/Puerto%20Rico%20security%20breach.pdfhttp://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2_pdf.ziphttp://www.americanchemistry.com/securitycode_pdfhttp://apps.leg.wa.gov/RCW/default.aspx?cite=19.215http://apps.leg.wa.gov/RCW/default.aspx?cite=19.255.010http://www.rilin.state.ri.us/statutes/TITLE11/11-49.2/INDEX.HTMhttp://www.rilin.state.ri.us/Billtext/BillText05/HouseText05/H6191.pdfhttp://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdfhttp://www.aicpa.org/download/members/div/auditstd/AU-00314.PDFhttp://www.aicpa.org/download/members/div/auditstd/AU-00318.PDFhttp://uscode.house.gov/download/pls/15C2A.txthttp://uscode.house.gov/download/pls/15C2B.txthttp://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdfhttp://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdfhttp://csrc.nist.gov/publications/nistpubs/800-26/sp800-26.pdfhttp://www.dataprotection.gov.sk/buxus/docs/act_428.pdfhttp://www.frc.org.uk/documents/pagemanager/frc/The%20Smith%20Guidance%20on%20Audit%20Committees%20June%202006.pdfhttp://www.scstatehouse.gov/code/t01c011.htmhttp://www.scstatehouse.gov/code/t39c001.htmhttp://www.azgita.gov/policies_standards/pdf/P800-S880%20Media%20San+Disp.pdfhttp://info.sen.ca.gov/cgi-bin/postquery?bill_number=sb_1633&sess=0304&house=B&site=senhttp://www.sweden.gov.se/content/1/c6/01/55/42/b451922d.pdfhttp://www.sweden.gov.se/download/f8334504.pdf?major=1&minor=26296&cn=attachmentPublDuplicator_0_attachmenthttp://www.dataprotection.eu/pmwiki/pmwiki.php?n=Main.CHhttp://www.cms.hhs.gov/informationsecurity/downloads/SSP_Procedure.pdfhttp://www.ics.uci.edu/~kobsa/privacy/Taiwan1.htmhttp://www.occ.treas.gov/ftp/bulletin/98-3.txthttp://www.michie.com/tennessee/lpext.dll?f=templates&fn=main-h.htm&cp=tncodehttp://tennessee.gov/sos/acts/104/pub/pc0473.pdf http://www.hro.house.state.tx.us/PDF/ba80r/HB3222.PDFhttp://www.statutes.legis.state.tx.us/Docs/BC/pdf/BC.521.pdfhttp://www.bakers-legal-pages.com/leg2005/bills/sb00122f.htmhttp://www.naa.gov.au/records-management/publications/dirks-manual.aspxhttp://www.ecgi.org/codes/documents/cg_code_nl_en.pdfhttp://www.theiia.org/guidance/standards-and-guidance/ippf/practice-guides/gait/gait-m/http://www.ecgi.org/codes/documents/executive_summary.pdfhttp://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdfhttp://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3763enr.tst.pdfhttp://www.thesedonaconference.org/dltForm?did=7_05TSP.pdfhttps://www.isfsecuritystandard.com/SOGP07/index.htmhttp://www.tsa.gov/assets/pdf/49_USC_Chapters_401_to_501.pdfhttp://www.tsa.gov/assets/pdf/security_guidelines_for_general_aviation_airports.pdfhttp://www.frc.org.uk/documents/pagemanager/frc/Revised%20Turnbull%20Guidance%20October%202005.pdfhttp://www.opsi.gov.uk/acts/acts1998/ukpga_19980029_en_1http://www.worldlii.org/int/other/PrivLRes/1990/1.htmlhttp://csrc.nist.gov/publications/nistpubs/800-33/sp800-33.pdfhttp://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htmhttp://www.law.upenn.edu/bll/ulc/ure/evid1200.htmhttp://www.export.gov/safeharbor/index.asphttp://cio.energy.gov/CS-11_Clearing_and_Media_Sanitization_Guidance.pdfhttp://www.gpo.gov/bis/ear/ear_data.htmlhttp://www.pmddtc.state.gov/regulations_laws/itar_official.htmlhttp://le.utah.gov/~code/TITLE13/13_44.htmhttp://www.leg.state.vt.us/docs/legdoc.cfm?URL=/docs/2004/acts/ACT155.HTMhttp://www.leg.state.vt.us/statutes/fullchapter.cfm?Title=09&Chapter=062http://www.michie.com/virginislands/lpext.dll?f=templates&fn=main-h.htm&cp=vicodehttp://leg1.state.va.us/000/cod/18.2-186.6.HTMhttp://leg1.state.va.us/cgi-bin/legp504.exe?041+ful+CHAP0450http://usa.visa.com/download/merchants/cisp_what_to_do_if_compromised.pdfhttp://corporate.visa.com/_media/best-practices.pdfhttp://usa.visa.com/download/merchants/visa_risk_management_guide_ecommerce.pdfhttp://www.visa-asia.com/ap/center/merchants/riskmgmt/includes/uploads/VisaAP_Inc_Resp_Procedv1_2_2004.pdfhttp://usa.visa.com/download/merchants/cisp_payment_application_best_practices.dochttp://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdfhttp://www.leg.wa.gov/pub/billinfo/2005-06/Htm/Bills/Senate%20Bills/6043-S.htmhttp://www.legis.state.wv.us/WVCODE/Code.cfm?chap=46a&art=2A#2Ahttp://www.legis.state.wi.us/2005/data/acts/05act138.pdfwww.legis.state.wi.us/statutes/Stat0134.pdfhttp://legisweb.state.wy.us/statutes/statutes.aspx?file=titles/Title40/Title40.htm




Похожие:

Microsoft System Center Process Pack for it grc release Notes icon2007 Microsoft Office System Service Pack 1

Microsoft System Center Process Pack for it grc release Notes iconDeveloping a process Reengineering-oriented Organizational Change Exploratory Simulation System (process)

Microsoft System Center Process Pack for it grc release Notes iconRelease Notes q framework 9 Новые возможности
Возможность использовать popup-окна редактирования статей из пользовательских вкладок
Microsoft System Center Process Pack for it grc release Notes iconEVault InfoStage Agent 64-bit and Plug-Ins for Windows Version 10. 2430 Release Notes, February 20th, 2008

Microsoft System Center Process Pack for it grc release Notes iconR/3 System Release 46B 30. 10. 2000
Разработка с использованием abap-инструментальных средств (упражнения) 28
Microsoft System Center Process Pack for it grc release Notes iconTitle of Project: Water System Design for the Pantanal Center for Education and Research

Microsoft System Center Process Pack for it grc release Notes iconCommercial release of canola genetically modified for herbicide tolerance and a hybrid breeding system (InVigor® X Roundup Ready® canola)

Microsoft System Center Process Pack for it grc release Notes iconDesign and testing requirements for server, desktop, and mobile systems and devices that run the Microsoft Windows family of operating system

Microsoft System Center Process Pack for it grc release Notes iconDesign and testing requirements for server, desktop, and mobile systems and devices that run the Microsoft Windows family of operating system

Microsoft System Center Process Pack for it grc release Notes iconСтатьи : Automation system of dental clinic work with using the project and process approaches to management
Автоматизация управления стоматологической организацией с использованием методов проектного и процессного управления
Разместите кнопку на своём сайте:
Библиотека


База данных защищена авторским правом ©lib.znate.ru 2014
обратиться к администрации
Библиотека
Главная страница