Cybersecurity Standards

Cybersecurity Standards

Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

International Standards

ISO 27001

This is one of the common standards that adhere to the organization to implement an Information security management system. It is comprised of the set of procedures that states the rules and requirements which has to be satisfied in order to get the organization certified with this standard. As per this standard, the organization is supposed to keep all the technology up to date, the servers should exist without vulnerabilities and the organization has to be audited after the specified interval to remain compiled to this standard. It is an international standard and every organization that serves other organization that complies with this standard is supposed to comply with ISMS policy that is covered under ISO 27001 practice.

PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard. This can be considered as the standard that has to be opted by the organization that accepts payment through their gateway. The businesses that store user data like their name and card related information must have to adopt this standard in their organization. As per this compliance, the technologies used by the organization should be up-to-date and their system should continuously undergo the security assessment to ensure that it is not having any severe vulnerability. This standard was developed by the cluster of card brands(American Express, Visa, MasterCard, JCB, and Discover).

The standard consists of 12 requirements that are organized into six goals:

Goal 1: Build and Maintain a Secure Network and Systems

  • Requirement 1: Install and maintain a firewall configuration to protect cardholder data

  • Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Goal 2: Protect Cardholder Data

  • Requirement 3: Protect stored cardholder data

  • Requirement 4: Encrypt transmission of cardholder data across open, public networks

Goal 3: Maintain a Vulnerability Management Program

  • Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

  • Requirement 6: Develop and maintain secure systems and applications

Goal 4: Implement Strong Access Control Measures

  • Requirement 7: Restrict access to cardholder data by business need-to-know

  • Requirement 8: Identify and authenticate access to system components

Goal 5: Regularly Monitor and Test Networks

  • Requirement 9: Regularly monitor and test networks

  • Requirement 10: Track and monitor all access to network resources and cardholder data

Goal 6: Maintain an Information Security Policy

  • Requirement 11: Regularly test security systems and processes

  • Requirement 12: Maintain a policy that addresses information security for all personnel

HIPAA

HIPAA stands for Health Insurance Portability and Accountability Act. It is the standard that the hospitals are supposed to follow to ensure that their patient’s data are fully protected and cannot be leaked anyway. In order to comply with this standard, the hospital must have a strong network security team who takes care of all the security incidents, their quarterly security reports should be healthy, all the transaction has to be done in encrypted mode and so on. This standard ensures that the critical health-related information of the patient will remain secure so that the patient can feel safe about their health.

FINRA

FINRA stands for Financial Industry Regulatory Authority. This standard is all about making things secure for the financial bodies that handle the funds or aggressively engaged in financial transactions. In this standard, the system is supposed to be highly secure and to comply with this standard, various measures have to be considered in terms of data security and the user’s data protection. It is one of the most essential standards that all the organizations based on finance are supposed to comply with.

GDPR

GDPR stands for General Data Protection Regulation. It is a standard defined by the Europian government which is concerned about the data protection of all the users. In this standard, the body that has to manage the compliance has to make sure that the user’s data is secure and cannot be accessed without proper authorization. As the name states, this standard mainly focuses on the safety of the user’s data so that they can feel safe while sharing it with any of the organizations that are complying with the General Data Protection Regulation.

The CIS Benchmarks

The CIS Benchmarks are community-developed secure configuration recommendations for hardening organizations' technologies against cyber attacks. Mapped to the CIS Critical Security Controls (CIS Controls), the CIS Benchmarks elevate the security defenses for cloud provider platforms and cloud services, containers, databases, desktop software, server software, mobile devices, network devices, and operating systems.

PreviousBlue Team & SOC AnalystNextBlue Team & SOC Analyst

Last updated