Cyber security frameworks are sets of documents describing guidelines, standards, and best practices designed for cyber security risk management. The frameworks exist to reduce an organization's exposure to weaknesses and vulnerabilities that hackers and other cyber criminals may exploit.
A cybersecurity framework is a set of policies, practices, and procedures implemented to create an effective cybersecurity posture. These frameworks provide organizations with the guidance to protect their assets from cyberthreats by identifying, assessing, and managing risks that could lead to data breaches, system outages, or other disruptions.
- NIST Cybersecurity Framework
- ISO 27001 and ISO 27002: International Organization for Standardization.
- SOC2: Service Organization Control (SOC) Type 2.
- NERC CIP : North American Electric Reliability Corporation - Critical Infrastructure Protection.
- HIPAA : Health Insurance Portability and Accountability Act.
- GDPR: The General Data Protection Regulation.
- FISMA: The Federal Information Security Management Act.
- PCI DSS
PCI-DSS
A council of major payment processors developed the Payment Card Industry Data Security Standard (PCI-DSS) to protect customers’ payment card data. This standard provides a comprehensive set of requirements designed to help organizations secure their systems and prevent unauthorized access to customer information.
The PCI-DSS framework includes 12 requirements organizations must meet to protect customer data. These requirements cover access control, network security, and data storage specific to the payment processing industry. It also includes measures for safeguarding customer payment card data, including encryption and tokenization technologies.
On March 31, 2024, PCI-DSS version 3.2.1 officially retired, and version 4.0 became mandatory, now requiring the use of multi-factor authentication.
Comments
Post a Comment