<p>Information security management encompasses many areas — from perimeter protection and encryption to application security and disaster recovery. IT security is made more challenging by compliance regulations and standards, such as <a href="https://www.techtarget.com/searchhealthit/definition/HIPAA">HIPAA</a>, PCI DSS, the Sarbanes-Oxley Act and <a href="https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR">GDPR</a>.</p>
<p>This is where IT security frameworks and standards are essential. Knowledge of regulations, standards and frameworks is necessary for all cybersecurity professionals. Compliance with these frameworks and standards is especially important from an audit perspective.</p>
<p>To help manage the process, let’s examine standards, regulations and frameworks, as well as the more popular security options and how to use them.</p>
<section class="section main-article-chapter" data-menu-title="What are IT security standards, regulations and frameworks?">
<h2 class="section-title"><i class="icon" data-icon="1"></i>What are IT security standards, regulations and frameworks?</h2>
<p><b>Standards</b> are like recipes; they list steps to follow. A well-managed IT organization must comply with the requirements set forth in a standard.</p>
<p><b>Regulations</b>, in contrast, are legally binding. When a regulation prescribes how something must be done, that prescription carries government and public backing for the rules and processes it sets forth. Failure to comply with IT-focused regulations can result in financial penalties and litigation.</p>
<p><b>Frameworks</b> detail how to develop, test, execute and maintain something. A cybersecurity framework is a series of documented processes that defines policies and procedures for implementing and managing infosec controls. Such frameworks are a blueprint for managing risk and reducing vulnerabilities.</p>
<p>Information security professionals use frameworks to define and prioritize the tasks required to manage enterprise security. F […]</p>