Glossary

What is the NACD?

The National Association of Corporate Directors (NACD) is a non-profit organization in the United States that provides education and networking opportunities for corporate board members.

What is the NYDFS cybersecurity regulation?

The NYDFS Cybersecurity Regulation (also known as NYDFS 23 NYCRR 500) is a set of requirements imposed by the New York State Department of Financial Services (NYDFS) on financial services companies operating in New York. These regulations aim to enhance cybersecurity practices and protect consumer data by requiring covered entities to implement specific measures such as risk assessments, penetration testing, incident response planning, and multi-factor authentication.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a privacy law that came into effect in May 2018. It governs the collection, storage, and use of personal data of individuals within the European Union (EU). The GDPR sets strict rules for companies on how they collect, store, and process personal data, and gives European citizens increased control over their personal data. It also imposes significant fines for non-compliance. The GDPR applies to any organization operating within the EU, as well as to organizations outside the EU if they offer goods or services to individuals within the EU.

What is the CCPA?

The California Consumer Privacy Act (CCPA) is a privacy law that came into effect in January 2020. It gives residents of the State of California the right to know what personal information businesses are collecting about them, the right to request that their personal information be deleted, and the right to opt out of the sale of their personal information. Organizations that are subject to the CCPA must support California residents in exercising these rights. The CCPA applies to any organization that meets certain criteria, such as having annual gross revenues over $25 million, or buying, receiving, selling or sharing the personal information of 50,000 or more California residents, households or devices per year.

What is the CPRA?

The California Privacy Rights Act (CPRA) is a privacy law that came into effect in January 2023. The CPRA amends the California Consumer Privacy Act (CCPA) by granting California residents additional rights over their personal information, including the right to limit the use of sensitive personal information, the right to know the specific pieces of personal information that businesses have collected about them, and the right to request that a business not discriminate against them for exercising their privacy rights. The CPRA also requires businesses to implement stronger security measures to protect personal information and establishes a California Privacy Protection Agency to enforce privacy rights.

What is the PCI DSS?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. PCI DSS was created by major credit card companies (Visa, Mastercard, American Express, Discover, and JCB) to increase controls around cardholder data and reduce credit card fraud. The standard requires organizations to maintain secure networks, protect cardholder data, regularly monitor and test security systems and processes, and maintain information security policies. Any company that accepts credit card payments must comply with PCI DSS, and failure to comply can result in fines and loss of the ability to process credit card transactions.

What is the NIST CSF?

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of guidelines and best practices for managing and reducing cybersecurity risk. Developed by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the U.S. Department of Commerce, the NIST Cybersecurity Framework provides a common language for organizations to describe their cybersecurity posture and helps organizations align their cybersecurity efforts with their overall business goals and risk management strategies. The framework is designed to be flexible and customizable to meet the needs of different types of organizations, and provides a roadmap for continuous improvement of an organization’s cybersecurity practices.

What is the CISA?

CISA stands for the Cybersecurity and Infrastructure Security Agency, which is an agency within the US Department of Homeland Security (DHS) focused on protecting the nation’s critical infrastructure from physical and cyber threats.

What is the HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act, which is a US federal law that sets national standards for protecting the privacy and security of individuals’ health information. It applies to health plans, healthcare clearinghouses, and certain healthcare providers.

What is the CIRCIA?

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a federal law aimed at improving the reporting of, and response to, cyber incidents affecting US critical infrastructure. The act seeks to establish a clear and consistent framework for reporting cyber incidents, and to improve coordination between federal agencies and the private sector in responding to and mitigating the impact of such incidents.