Security Regulations and Frameworks
by Fola
Posted on Friday, 12th Jan 2024
![](https://myportfolioimages.blob.core.windows.net/portfolioimages/media/post_images/pexels-pixabay-60504.jpg)
Every organization, whatever its size, structure or sector, answers to some governing body that dictates which security rules it must follow. These laws, regulations, standards and frameworks provide oversight and direction for security programs, and they supply a process for securing an organization's infrastructure. Many also prescribe specific rules or controls that must be implemented and evidenced.
This post helps you recognise the common security regulations and frameworks you will encounter as a cybersecurity professional.
Security Frameworks
ISO 27000 Series
- ISO/IEC 27001:2013, Information Security Management System (ISMS) Specification (the standard an organization is actually certified against)
- ISO/IEC 27002:2013, The Code of Practice for Information Security Management (guidance on implementing the controls listed in Annex A of 27001)
  - 14 security control groups
  - 35 control objectives
  - 114 individual controls
- ISO/IEC 27005:2011, ISMS Risk Management
Note that ISO/IEC 27001 and 27002 were both revised in 2022; ISO/IEC 27002:2022 reorganises the controls into four themes (organizational, people, physical and technological) with 93 controls, so check which edition an audit or contract references.
NIST Computer Security Resources Center Special Publications
The NIST CSRC provides resources, including standards, practice guides and requirements documents, on computer, cyber and information security and privacy.
In particular, the Special Publication (SP) 800 series comprises guidelines, recommendations, technical specifications and annual reports of NIST's cybersecurity activities. SP 800-53, Security and Privacy Controls for Information Systems and Organizations, is the control catalogue from this series you will most often see referenced. See: https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information
Industry-Specific Regulations
- HIPAA Security and Privacy rules - Safeguarding Protected Health Information (PHI)
- Payment Card Industry Data Security Standard (PCI DSS) - Rules for processing, storing or transmitting Cardholder Data
- European Union's General Data Protection Regulation (GDPR) - the EU's law on data protection and privacy, which applies to any organization processing the personal data of people in the EU, wherever that organization is based
Summary
The Rules of the Security Road
- Provide oversight and direction for security programs
- They supply a process for securing an organization's infrastructure
- Security controls: specific safeguards or countermeasures to avoid, detect, counteract, or minimize risks to assets