Security Regulations and Frameworks

by Fola


Posted on Friday, 12th Jan 2024



Every organization, no matter its size, structure or sector, answers to some governing body that says which security rules must be followed. These laws, regulations, standards and frameworks provide oversight and direction for security programs, and they supply a process for securing an organization's infrastructure. Many also prescribe very specific rules or controls that must be implemented and evidenced.

This post helps you identify the common security regulations and frameworks you will encounter as a cybersecurity professional.

Security Frameworks

ISO 27000 Series

  • ISO/IEC 27001:2013, Information Security Management System (ISMS) Specification - the auditable, certifiable standard; superseded by ISO/IEC 27001:2022
  • ISO/IEC 27002:2013, The Code of Practice for Information Security Management - the catalogue of controls referenced by 27001's Annex A
    • 14 security control clauses
    • 35 control objectives
    • 114 individual controls
    • Note: the 2022 revision reorganizes these into 4 themes (organizational, people, physical, technological) with 93 controls
  • ISO/IEC 27005:2011, Information Security Risk Management - guidance (not requirements) for the risk assessment and treatment process behind an ISMS; later revised in 2018 and 2022

NIST Computer Security Resources Center Special Publications

The NIST CSRC provides resources including standards, practice guides and requirement documents covering computer, cyber and information security and privacy.
In particular, the Special Publication (SP) 800 series comprises guidelines, recommendations, technical specifications and annual reports on NIST's cybersecurity activities. Frequently cited examples are SP 800-53 (security and privacy controls for federal systems, widely reused outside government) and SP 800-63 (digital identity and authentication guidelines). See: https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information

Industry-Specific Regulations

  • HIPAA Security and Privacy Rules - US rules for safeguarding Protected Health Information (PHI); the Security Rule covers electronic PHI specifically
  • Payment Card Industry Data Security Standard (PCI DSS) - contractual rules, maintained by the PCI Security Standards Council, for any environment that processes, stores or transmits cardholder data
  • European Union's General Data Protection Regulation (GDPR) - the EU's law on data protection and privacy, applying to any organization that processes personal data of people in the EU, regardless of where the organization is based

Summary

The Rules of the Security Road

  • Provide oversight and direction for security programs
  • Supply a process for securing an organization's infrastructure
  • Define security controls: specific safeguards or countermeasures to avoid, detect, counteract or minimize risks to assets
