Security regulatory compliance beginner

codeacecodeace Member Posts: 38 ■■□□□□□□□□
Morning folks!

Most InfoSec job postings require that I have substantial knowledge on regulatory compliance standards. What am I expected to know?

Any good place to start with learning about SOX / PCI etc?
Everything happens for a good reason! Don't question it. Just accept it :)

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    It depends on the industry. GLBA for financial, HIPPA for healthcare, SOX for auditing, etc. PCI is more general and applies to merchants who accept card payments.

    If you don't have any preference, I'd gain a high-level overview of all of them, and if it every comes up in an interview, just stress your willingness to learn the details.
  • JDMurrayJDMurray Admin Posts: 13,091 Admin
    There are some good SOX and PCI discussions and references to materials on LinkedIn.com.
  • GAngelGAngel Member Posts: 708 ■■■■□□□□□□
    All my training was usually on the job. Auditors used to give us huge volumes to go over and then we'd get updates via dvd usually. HIPPA and SOX I learned while working for a pharma company and PCI at my latest gig. CISA type stuff just more focused. Most don't need you to memorize the details they just want to know that you've either worked in a company that follows the procedures or you understand what the standards are for and why they're currently used. They'll train you as to how the standards apply to them personally.
Sign In or Register to comment.