1: What are cybersecurity "standards"? Who creates them? 2: What are cybersecurity "practices" and "guidelines"? How do they differ from standards? 3:What is a cybersecurity "framework"? How can they be useful? 4:Under what circumstances can cybersecurity standards, practices and guidelines, and frameworks have the force of law? 5.: What is PCI-DSS and how is it enforced?

1. Karen Scarfone, Dan Begini, and Tim Grance, "Cyber Security Standards," National Institute of Standards and Technology (NIST), June 2009 2. PCI-DSS, Quick Reference Guide, V. 3.2.1 (excerpted) 3. SEI Cyber Hygiene 11 Essential Practices 4. The Fair Information Practice Principles" in Federal Trade Commission, "Online Privacy: A Report to Congress," June 1998 (excerpted) 5. Ann Cavoukian, "Privacy By Design: The 7 Foundational Principles," January 2011 6. NIST, An Introduction to the Components of the NIST Cybersecurity Framework, May 14, 2021 7. Jaikumar Vijayan , "New NIST Cybersecurity Standards Could Pose Liability Risks," Computer World, October 11, 2013