Information systems have become ubiquitous, and such technology is now widely used to manage countless items of personal and organizational data. This data may include organizational proprietary information, financial information, and/or personal information that, in the hands of others, may be harmful to the data owner. Organizations rely on technology, and have become increasingly dependent on it, to conduct business operations (Herath, Herath, & Bremser, 2010). As a result, security measures are needed to protect organizational information from entities both internal and external to the organization. The safety and security of organizational information is constantly under threat, and mitigation measures are needed to ensure that information is protected from unauthorized users. Government agencies have developed regulations that impose the minimum standards organizations need to protect information. Likewise, organizations such as the Information Systems Audit and Control Association (ISACA) have developed frameworks and communicate best practices that assist an organization in developing and implementing tailored security control measures to protect organizational information from threats to cybersecurity. The author will provide the reader with a brief synopsis of the Federal Information Security Management Act (FISMA) of 2002, the Gramm-Leach-Bliley Act (GLBA), and other security regulations that address information protection and risk management. Furthermore, the author will provide a comparative analysis between FISMA and GLBA. Finally, a summary will be offered that describes the differences that occurred before and after the government regulations went into effect and will provide a framework