A cybersecurity framework provides a set of baseline best-practice criteria whose goal is to strengthen the cybersecurity posture of any organization that implements it. With such a framework in place, it becomes easier to define standard processes and procedures that sustain confidentiality, integrity and availability. In this article we discuss five cybersecurity frameworks and regulations: what they are, the environments they are best suited to, and how widely they are accepted.
The National Institute of Standards and Technology (NIST) is part of the United States Department of Commerce. The NIST Cybersecurity Framework (CSF) helps businesses of all sizes understand, manage and reduce cybersecurity risk and protect their networks and data. For the private sector the Framework is voluntary; US federal agencies, however, have been required to use it since Executive Order 13800 (2017). It provides an outline of best practices that helps a business decide where to focus time and money on cybersecurity protection.
The NIST Cybersecurity Framework organizes an organization's end-to-end cybersecurity activities into five Functions: Identify, Protect, Detect, Respond and Recover. Each Function is broken down into Categories and Subcategories of outcomes, which are mapped to controls in other standards such as ISO/IEC 27001 and NIST SP 800-53. CSF 2.0, published in February 2024, adds a sixth Function, Govern, covering strategy, roles and risk management oversight.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that mandated the development of national standards to prevent sensitive patient health information from being disclosed without the patient's knowledge or consent. To implement HIPAA's requirements, the US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule, which governs protected health information (PHI) in any form, and the HIPAA Security Rule, which covers the subset of that data held electronically (ePHI) and requires administrative, physical and technical safeguards for it. HIPAA applies to covered entities (health plans, healthcare clearinghouses and providers that transmit health information electronically) and to their business associates, so any organization that handles patients' medical records must put the relevant privacy and security controls in place.
ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS): a risk-based management system for protecting an organization's information. Unlike the NIST CSF, an organization can be formally certified against it by an accredited auditor. Its Annex A lists reference controls; in the 2013 edition there are 114 controls grouped into 14 control domains, including information security policies, access control, physical and environmental security and information security incident management. The 2022 revision consolidates these into 93 controls in four themes (organizational, people, physical and technological).
The Federal Information Security Management Act of 2002 (FISMA), updated by the Federal Information Security Modernization Act of 2014, is a comprehensive cybersecurity framework designed to safeguard US federal government information and systems from cyber threats. Contractors and other third parties that operate systems or handle information on behalf of federal agencies are also covered by FISMA.
FISMA is closely aligned with NIST standards and requires agencies and their contractors to keep an inventory of their information systems and to identify any network and system interconnections. Systems and the information they hold must be categorized by risk under FIPS 199, and security controls must meet the minimum requirements of FIPS 200 and the control catalogue in NIST SP 800-53, following the Risk Management Framework described in NIST SP 800-37. Affected organizations must also conduct risk assessments, annual security reviews and reporting, and continuous monitoring of their IT infrastructure (NIST SP 800-137).
To improve data protection practices for people in the European Union (EU), the General Data Protection Regulation (GDPR) was adopted in 2016 and has applied since 25 May 2018. The GDPR affects all organizations established in the EU, and also organizations outside the EU, including U.S. companies, that offer goods or services to, or monitor the behaviour of, individuals in the EU and collect or store their personal data.
The regulation has 99 articles that set out an organization's compliance obligations, such as the data subject's right of access to their personal data, data protection policies and processes, and breach notification requirements: a controller must notify its supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals' rights and freedoms, and must also inform the affected individuals without undue delay when the risk to them is high.