Frameworks and Standards

Cybersecurity frameworks and standards are essential for a smooth running of any organization which has a digital backbone or deals with digital information. These frameworks have existed for sometime and contain the essential steps or requirements in order to safeguard information from any external attacks and cyber risks. The cyber security market has had its share of dealings with compliance standards and legislation. Some have very broad applicability, others are very narrow, there are mandated and optional ones; technical and managerial; guideline and prescription.


The United States depends on the reliable functioning of critical infrastructure. Cybersecurity
threats exploit the increased complexity and connectivity of critical infrastructure systems,
placing the Nation’s security, economy, and public safety and health at risk.

Similar to financial and reputational risks, cybersecurity risk affects a company’s bottom line. It can drive up costs and affect revenue. It can harm an organization’s ability to innovate and to gain and maintain

The NIST cybersecurity framework or ISMS was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and small companies and organizations across all industry sectors, as well as by federal, state and local governments.

For more information check here

ISO 27001

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties..

Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.

Part of the ISO 27000 series of information security standards, ISO 27001 is a framework that helps organisations “establish, implement, operate, monitor, review, maintain and continually improve an ISMS”.

Risk management forms the cornerstone of an ISO/IEC ISMS. All ISMS projects rely on regular information security risk assessments to determine which security controls to implement and maintain.

For more information check here


PCI or Payment card industry data security standards has been in the security industry for some time. The standard dictates the necessary requirements that credit card companies need to adhere.

Payment security is paramount for every merchant, financial institution or other entity that stores, processes or transmits cardholder data.

The PCI Data Security Standards help protect the safety of that data. They set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.

Maintaining payment security is serious business. It is vital that every entity responsible for the security of cardholder data diligently follows the PCI Data Security Standards.

Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards

For more information check here


General Data Protection Regulation or GDPR dictates some of its objectives around data protection which are :

-This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.

-This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

-The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.

For more information check here


COBIT stands for Control Objectives for Information and Related Technology. It is a framework created by the ISACA (Information Systems Audit and Control Association) for IT governance and management.

Effective governance over information and technology is critical to business success, and this new release further cements COBIT’s continuing role as an important driver of innovation and business transformation.

In addition to the updated framework, COBIT now offers more implementation resources, practical guidance and insights, as well as comprehensive training opportunities.

Implementation is now more flexible, enabling you to right-size your governance solution using COBIT, and training opportunities will help you to derive maximum ROI from your solution.

For more information check here


The Committee of Sponsoring Organizations of the Treadway Commission COSO) is a joint initiative of the five private sector organizations listed on the left and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence.

The Committee of Sponsoring Organizations’ (COSO) mission is to provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.

For more information check here


Information Technology Infrastructure Library or ITIL is a framework of best practices for delivering IT services. ITIL’s systematic approach to IT service management can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and build a stable IT environment that allows for growth, scale and change.

The IT Infrastructure Library (ITIL) is a library of volumes describing a framework of best practices for delivering IT services.

Developed by the British government’s Central Computer and Telecommunications Agency (CCTA) during the 1980s, the ITIL first consisted of more than 30 books, developed and released over time, that codified best practices in information technology accumulated from many sources (including vendors’ best practices) around the world. 

For more information check here

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.1 To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule, or Standards for Privacy of Individually Identifiable Health Information, establishes national standards for the protection of certain health information. 

 The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). Within HHS, the Office for Civil Rights (OCR) has responsibility for enforcing the Privacy and Security Rules with voluntary compliance activities and civil money penalties.

For more information check here


NIST – Cybersecurity framework – Reference

ISO 27001 – ISO/IEC 27001 – Reference , IT Governance UK – Reference

PCI SECURITY – Reference

GDPR – Reference

ISACA – Cobit resource – Reference

COSO Framework – Reference

CIO – Your guide to the IT Infrastructure Library – Reference

HIPAA – Summary of the HIPAA Compliance 2019 – Reference

%d bloggers like this: