Cybersecurity Standards
Cybersecurity Standards
Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
International Standards
ISO 27001
This is one of the common standards that adhere to the organization to implement an Information security management system. It is comprised of the set of procedures that states the rules and requirements which has to be satisfied in order to get the organization certified with this standard. As per this standard, the organization is supposed to keep all the technology up to date, the servers should exist without vulnerabilities and the organization has to be audited after the specified interval to remain compiled to this standard. It is an international standard and every organization that serves other organization that complies with this standard is supposed to comply with ISMS policy that is covered under ISO 27001 practice.
PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard. This can be considered as the standard that has to be opted by the organization that accepts payment through their gateway. The businesses that store user data like their name and card related information must have to adopt this standard in their organization. As per this compliance, the technologies used by the organization should be up-to-date and their system should continuously undergo the security assessment to ensure that it is not having any severe vulnerability. This standard was developed by the cluster of card brands(American Express, Visa, MasterCard, JCB, and Discover).
The standard consists of 12 requirements that are organized into six goals:
Goal 1: Build and Maintain a Secure Network and Systems
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Goal 2: Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Goal 3: Maintain a Vulnerability Management Program
Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Goal 4: Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Identify and authenticate access to system components
Goal 5: Regularly Monitor and Test Networks
Requirement 9: Regularly monitor and test networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Goal 6: Maintain an Information Security Policy
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security for all personnel
HIPAA
HIPAA stands for Health Insurance Portability and Accountability Act. It is the standard that the hospitals are supposed to follow to ensure that their patient’s data are fully protected and cannot be leaked anyway. In order to comply with this standard, the hospital must have a strong network security team who takes care of all the security incidents, their quarterly security reports should be healthy, all the transaction has to be done in encrypted mode and so on. This standard ensures that the critical health-related information of the patient will remain secure so that the patient can feel safe about their health.
FINRA
FINRA stands for Financial Industry Regulatory Authority. This standard is all about making things secure for the financial bodies that handle the funds or aggressively engaged in financial transactions. In this standard, the system is supposed to be highly secure and to comply with this standard, various measures have to be considered in terms of data security and the user’s data protection. It is one of the most essential standards that all the organizations based on finance are supposed to comply with.
GDPR
GDPR stands for General Data Protection Regulation. It is a standard defined by the Europian government which is concerned about the data protection of all the users. In this standard, the body that has to manage the compliance has to make sure that the user’s data is secure and cannot be accessed without proper authorization. As the name states, this standard mainly focuses on the safety of the user’s data so that they can feel safe while sharing it with any of the organizations that are complying with the General Data Protection Regulation.
The CIS Benchmarks
The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations' technologies against cyber attacks. Mapped to the CIS Critical Security Controls (CIS Controls), the CIS Benchmarks elevate the security defenses for cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems.
Last updated