Many organizations must comply with a mixture of state-mandated, industry-specific, and international cybersecurity regulations. The challenge for an organization which is trading nationally, or even globally, is considerable.
84% of organizations in the US tackle this issue with the help of a security framework, and 44% use more than one.
Many industries have different cybersecurity requirements and standards. For example, the energy sector has the NERC CIP standards and the medical industry has HIPAA. Organizations often use cybersecurity platforms or frameworks to secure their organization and ensure compliance with these mandates. To select the best security framework for your organization you'll need to consider a few things:
- The maturity of your current cyber risk and security program
- Your company policies and goals
- Any regulatory requirements you have to comply with
Overall, you should take some time to understand the different cybersecurity frameworks so that you can select one that best suits your business needs.
What are the most popular cybersecurity frameworks?
Used by 29% of organizations, the NIST (National Institute of Standards and Technology) Cybersecurity Framework is a voluntary framework primarily intended for critical infrastructure organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
However, this framework has proven to be flexible enough to also be implemented by non-US and non-critical infrastructure organizations. Indeed, the document is regularly being amended to adapt to changing industry needs.
Used by 32% of organizations, the CIS Critical Security Controls are a set of 20 actions designed to mitigate the threat of the majority of common cyber attacks.
The controls were designed by a group of volunteer experts from a range of fields, including cyber analysts, consultants, academics, and auditors.
Used by 35% of organizations, ISO 27001 is the international standard that describes best practice for implementing an ISMS (information security management system).
Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected.
Used by 47% of organizations, the PCI DSS (Payment Card Industry Data Security Standard) governs the way credit and debit card information is handled.
The Standard applies to any organization (regardless of size or number of transactions) that accepts, stores, transmits or processes cardholder data.
Organizations that comply with its requirements are in a better position to spot vulnerabilities that could be exposed by criminal hackers or lead to internal data breaches – thus protecting customers from stressful situations and organizations from embarrassing or costly security incidents.
Although not federally mandated in the United States, PCI DSS is mandated by the PCI Security Standards Council. The council is made up of the major credit card brands, and the standard is an industry standard. Some states have even incorporated the standard into their laws.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...