CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 81
Conducting Compliance-based Assessments
If the organization you are testing is commissioning the penetration test to demonstrate compliance with an industry regulation, you may have to meet strict requirements on how the assessment is scoped, performed, and reported. As a penetration tester, become familiar with the requirements of a compliance-based assessment before you start, because the regulation may dictate the scope (for example, every system that stores, processes, or transmits the regulated data), the testing frequency, and the content of the final report. Know that the requirements differ from industry to industry, as they depend on the laws or regulations that govern each one. The following are examples of industry-specific laws or regulations that an organization must follow, depending on the industry in which it operates:
Health Insurance Portability and Accountability Act (HIPAA), a U.S. law that controls the handling and protection of health records.
Family Educational Rights and Privacy Act (FERPA), a U.S. law that protects the privacy of student educational records and gives parents (or eligible students) the right to access them.
Payment Card Industry Data Security Standard (PCI DSS), a standard that governs the protection of credit and debit card (cardholder) data. PCI DSS is a common driver of compliance-based pentests because it explicitly requires periodic internal and external penetration testing of the cardholder data environment.
General Data Protection Regulation (GDPR), a European Union (EU) regulation covering the collection and protection of personal data. GDPR also restricts the transfer of personal data to countries outside the EU unless adequate safeguards are in place.