Re: Privacy and security laws and regs

[Morrow Long <morrow.long () YALE EDU>]

Almost everything I've found freely available is out of date (e.g.
dated 2005-2006).

There is a Symantec wall chart with a cross-walk from 2006 with PDF
available.

        `A short sample:
        http://www.compliancehome.com/symantec/Sample_of_IT_Controls_Poster.pdf

        To download the full poster you need to register at:
        http://www.compliancehome.com/symantec/request.html

A site named ITC[ompliance] apparently also made a cross-walk in 2007
but went out of business.

There was talk of Educause doing an IT Compliance cross-walk of
regulation and security standards.
I don't know what the state of that might be.

There are several commercial products with IT Compliance cross-walks
(Cross-references)
available as part of for-pay websites, consulting and built into IT
GRC (Governance, Risk and
Compliance) software products.
        
The following site has Unified Compliance Excel spreadsheets available
for sale:
http://www.unifiedcompliance.com/it_impact_zones/unified_compliance_framework_s.html


H. Morrow Long
University Information Security Officer
Yale University, ITS




On Apr 12, 2009, at 10:50 AM, Melissa Guenther wrote:

> Does anyone know of a comprehensive listing for all US Data privacy
> Rules and Regulations?
> Thank you in advance.
> Melissa
>
> <image001.jpg>
>
>
> Promoting Security and Privacy through Awareness
> Melissa Guenther, LLC