Organizations are going through a major change in how they operate, think and function.

This change is driven by technological (cloud and mobile), intellectual (big data and analytics) and behavioral (social) transformations that affect the entire IT industry. Security has been hit by the same revolution, and the impact comes from the speed at which these developments arrive.

With stronger and more widespread cybersecurity threats, organizational leaders cannot afford a wait-and-watch posture in cyberspace. The open ecosystem of the Internet gives cybercriminals enormous reach, which makes cybersecurity more than a technical problem: it is a business problem. The potential consequences of a realized threat are extensive, and that has put cybersecurity on the boardroom agenda.

TrustedSec has experience with most control frameworks: reviewing an organization's control structure against a framework's requirements and helping develop a strategy to mature the program and become compliant or certified. Most organizations are not required to align with or certify to a standard, but doing so is becoming the standard way to measure and mature an IT security program.

TrustedSec frameworks:

  • HIPAA
  • NIST 800 series
  • ISO 27001

There are several cybersecurity frameworks an organization can align with to improve the governance, measurement and performance of its IT security function. The driver for adopting one is regulatory (the law requires it), contractual (a customer, card brand or prime contractor requires it) or voluntary (the organization chooses it as a yardstick).

Regulatory

  • HIPAA
  • Sarbanes-Oxley
  • North American Electric Reliability Corporation (NERC)

Contractual

  • PCI DSS
  • SOC 1, SOC 2, SOC 3
  • Cloud Computing Framework
  • NIST 800-171

Voluntary

  • National Institute of Standards and Technology (NIST 800-53)
  • ISO 27001, 27002
  • North American Electric Reliability Corporation (NERC)
  • ISA/IEC 62443

National Institute of Standards and Technology (NIST 800 series)

NIST publishes the Special Publication 800 series (SP 800-53 is the catalog of security and privacy controls; SP 800-171 covers protection of controlled unclassified information in non-federal systems) and, separately, the NIST Cybersecurity Framework, which organizes security outcomes into functions that an organization can map its own controls against. Both are a good starting point for organizations that want to define, adopt and refine a security program for their own needs while following recognized industry standards and norms.

International Organization for Standardization (ISO 27001)

ISO 27001 specifies the requirements for an information security management system (ISMS). It does not mandate specific technical controls; its Annex A lists controls an organization should consider, and the accompanying code of practice, ISO 27002, gives implementation guidance for each. The standard requires cooperation among all parts of an organization, not just IT.

ISO 27001 is invaluable for monitoring, reviewing, maintaining and improving a company's ISMS and gives partner organizations and customers greater confidence in how they interact with your business. The specification includes requirements for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. Many international and multinational corporations align with this standard to provide a governance framework within which the IT security program can operate and be measured.

Health Insurance Portability and Accountability Act (HIPAA)

The US Department of Health and Human Services (HHS) published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) establishes national standards for the protection of certain health information. The Security Rule (Security Standards for the Protection of Electronic Protected Health Information) establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. If you are a covered entity (a healthcare provider, health plan or clearinghouse) or a business associate that creates, receives, maintains or transmits protected health information on a covered entity's behalf, you are required to comply with these rules.
