There are different types of frameworks covered in the Security + exam, and these are listed here:
- Regulatory: Regulatory frameworks are based on statute law and governmental regulations that companies must abide by them at all times. Failure to do so will result in a regulatory fine.
- Example 1: The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. Companies within the European Union can be fined 4% of their annual turnover, up to €20 million.
- Example 2: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is United States' legislation ...