Security Frameworks



1. The NIST (National Institute of Standards and Technology) Cybersecurity Framework is a widely recognized set of guidelines, standards, and best practices designed to help organizations manage and reduce cybersecurity risks. The framework was developed through collaboration between industry, government, and academia, and is based on existing standards, guidelines, and practices.

The NIST Cybersecurity Framework consists of three main components: the Core, Implementation Tiers, and Profiles.

The Core provides a set of activities and outcomes that are designed to help organizations manage cybersecurity risks. The activities are grouped into five functions: Identify, Protect, Detect, Respond, and Recover.

The Implementation Tiers help organizations determine the level of rigor and sophistication of their cybersecurity practices. There are four tiers: Partial, Risk Informed, Repeatable, and Adaptive.

Profiles allow organizations to tailor the Framework to their specific needs by selecting and prioritizing the Core functions and the categories of security controls that matter most to them.

Overall, the NIST Cybersecurity Framework is a flexible and adaptable tool that can help organizations of all sizes and sectors improve their cybersecurity posture.


2. ISO 27001 and 27002 - These standards establish the requirements and procedures for an information security management system (ISMS). Having an ISMS in place is a crucial audit and compliance activity. ISO 27002 is intended to be used as a guide for selecting security controls as part of the process of adopting an ISO 27001-based ISMS; it specifies the code of practice for developing ISMS controls.


3. HITRUST Common Security Framework - The HITRUST Common Security Framework combines risk analysis and risk management frameworks with operational requirements. The framework is made up of 14 control categories and may be used in practically any company, including those in healthcare.


4. GDPR - GDPR is a set of security rules that global businesses must implement in order to preserve the security and privacy of EU citizens' personal data. GDPR requires controls that prevent unauthorized access to stored data, as well as access control methods such as least privilege, role-based access, and multifactor authentication.


5. CIS - A voluntary alliance of experts created CIS in the late 2000s to develop a framework for defending businesses against cybersecurity risks. It consists of 20 controls that are updated on a regular basis by specialists from all fields (government, academia, and industry) in order to keep pace with evolving cybersecurity risks.


6. FISMA - The Federal Information Security Management Act (FISMA) is a United States law that requires federal agencies, state agencies, and private government contractors to establish, document, and implement an information security and protection policy. FISMA regulates information security, which it defines as “protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability.”


7. NERC-CIP - These are the mandatory security standards that apply to entities that own or operate facilities connected to the electric power grids in the United States and Canada.


8. HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) is the law that governs the protection of sensitive patient data. To achieve HIPAA compliance, businesses that handle protected health information (PHI) must have physical, network, and procedural security measures in place and follow them.


9. PCI DSS - PCI DSS is the worldwide Payment Card Industry Data Security Standard. It was created to ensure that businesses processing card payments do so securely, and to help reduce card fraud.
