Cybersecurity Frameworks

NIST

In order to meet technical and other requirements, organisations use frameworks that provide best practices and guidelines to assist in improving security, meeting regulatory requirements, optimising business processes and performing other tasks that improve the business.

Several cybersecurity compliance frameworks are available, including the following:

  • Consortium for IT Software Quality (CISQ)
  • Control Objectives for Information Related Technology (COBIT)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • National Institute of Standards and Technology (NIST)
  • Privacy Shield
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Organization for Standardization (ISO)
  • General Data Protection Regulation (GDPR)

Let's understand how each of these frameworks works:

Consortium for IT Software Quality (CISQ) – It develops standards for measuring the structural quality and the size of software applications.

Control Objectives for Information Related Technology (COBIT) – A framework developed to address the issue of risk reduction in financial organisations.

Federal Risk and Authorization Management Program (FedRAMP) – It is a framework that provides a standardised way for government agencies to evaluate the risks of cloud-based software solutions and infrastructure platforms.

National Institute of Standards and Technology (NIST) – A framework for improving critical infrastructure cybersecurity, with the goal of improving an organisation's readiness for managing cybersecurity risk by leveraging standard methodologies and processes.

Privacy Shield – A framework issued to ensure that US companies complied with European Union (EU) data protection standards when transferring EU data across borders.

Payment Card Industry Data Security Standard (PCI DSS) – A set of security controls required to protect payment account details, such as credit card, debit card and cash card transactions.

Sarbanes-Oxley (SOX) – It established a framework setting out mandatory controls for public companies.

Health Insurance Portability and Accountability Act (HIPAA) – It is a framework governing the activities of anyone who collects, stores, or processes personal health information (PHI). This includes hospitals, clinics, medical services providers, and insurance companies.

International Organization for Standardization (ISO) 27001/27002 – These include best practices for information security management and the elements of an information security programme.

General Data Protection Regulation (GDPR) – It is a compliance framework setting out rigorous conditions, guidelines, and penalties for organisations and individuals that collect, store, and process the personal information of European Union (EU) citizens and residents, in order to protect the data privacy of individuals.

About DocTooLss :

“We make Technology EaZy via Docs”

Follow us @doctools8 | WordPress: www.doctoolss.wordpress.com | Website: www.doctoolss.com | Facebook: https://www.facebook.com/DTdoctoolss/

What is Information Security?

InfoSec

Information Security, also known as InfoSec, is about securing information from unauthorised access. This is done through tools and processes deployed to protect sensitive business information from modification, disruption, destruction and inspection.

This information can be anything from the data stored on your personal laptop or mobile to anything stored on your social media platforms.

There are three pillars of Information Security, commonly known as:

C – Confidentiality

Information is not disclosed to unauthorised individuals, entities or processes. For example, suppose I have a password for my Facebook account, but someone has seen me entering it through shoulder-surfing while I was trying to log in to my account. In such a scenario my password has been compromised and confidentiality has been breached.

I – Integrity

It means maintaining the accuracy and completeness of data: data cannot be edited in an unauthorised way.

For example, if a person has been diagnosed with an untreated disease and dies from it, then his confidential data, such as account details, should be updated and closed by the bank authorities to reflect the status ACCOUNT CLOSED, so that the data is complete and accurate. In addition, only an authorised person should be allowed to edit the account holder's details.

A – Availability

It means information must be available when needed. For example, if an employee joins a new organisation and the new company wants to do a background check on this employee, then the authorities need to share the information related to the employee with the authorised source when it is needed.

Difference between InfoSec and CyberSecurity?

Information security and cybersecurity are often confused. InfoSec is a crucial part of cybersecurity, but it refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec.
