The security frameworks

 

ISO 27001 and 27002 - ISO/IEC 27001 specifies the requirements for establishing, operating and continually improving an information security management system (ISMS), and it is the standard an organization is audited and certified against, so having a working ISMS in place is a central audit and compliance activity. ISO/IEC 27002 is its companion code of practice: it describes the controls listed in Annex A of 27001 and gives guidance on implementing them, and it is used to select and justify controls when adopting a 27001-based ISMS. Organizations are not certified against 27002 itself.



HITRUST Common Security Framework - The HITRUST CSF combines risk analysis and risk management frameworks with operational control requirements, harmonizing controls drawn from sources such as ISO 27001, NIST, HIPAA and PCI DSS into a single certifiable framework. It is organized into 14 control categories, and although it originated in healthcare it can be used by organizations in practically any industry.

 

GDPR - The General Data Protection Regulation (GDPR) is an EU regulation, applicable since May 2018, that governs how organizations anywhere in the world process the personal data of individuals in the EU. It is a privacy and data-protection law rather than a prescriptive security standard: Article 32 requires "appropriate technical and organisational measures" for the security of processing, including protection against unauthorized access, and names pseudonymisation and encryption as examples, but it does not mandate specific mechanisms. Access-control practices such as least privilege, role-based access and multifactor authentication are the usual way organizations demonstrate that the measures they chose are appropriate.

 

CIS - The CIS Controls (originally the SANS Critical Security Controls) grew out of a voluntary consensus effort started in 2008 to give organizations a prioritized set of defensive actions against the most common attacks; the Center for Internet Security now maintains them. The original 20 controls were consolidated into 18 in version 8 (2021), each broken into safeguards that are grouped into three Implementation Groups so that smaller organizations can start with a minimal subset. They are updated regularly by specialists from government, academia and industry to keep pace with current threats.

 

FISMA - The Federal Information Security Management Act of 2002 (updated in 2014 as the Federal Information Security Modernization Act) is a United States law that requires federal agencies, and the contractors and other organizations that operate systems on their behalf, to establish, document and implement an information security program; state agencies are covered to the extent they handle federal information, for example when administering federal programs. Compliance is assessed against NIST standards such as FIPS 199, FIPS 200 and SP 800-53. FISMA defines information security as "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality and availability."

 

NERC CIP - The North American Electric Reliability Corporation's Critical Infrastructure Protection standards are mandatory, enforceable reliability standards for entities that own or operate assets forming part of the bulk electric system in the United States and Canada. They cover, among other things, identification and categorization of those assets, electronic and physical security perimeters, personnel training, system security management, incident reporting and recovery planning.

 

HIPAA - The Health Insurance Portability and Accountability Act (HIPAA) is the US law that governs the protection of sensitive patient data. Covered entities and their business associates that handle protected health information (PHI) must implement and maintain the administrative, physical and technical safeguards required by the HIPAA Security Rule, observe the use and disclosure limits of the Privacy Rule, and report breaches of unsecured PHI under the Breach Notification Rule.

 

PCI DSS - The Payment Card Industry Data Security Standard is the worldwide standard, maintained by the PCI Security Standards Council, for any organization that stores, processes or transmits payment card data. It was created by the major card brands to make the handling of card payments secure and to reduce card fraud; compliance is contractual, enforced through the card brands and acquiring banks rather than by law.
