Solving for regulatory compliance and alignment to industry frameworks continues to undergo massive change.

With the continued growth of stronger and more widespread threats, organizational leaders are being forced to deal with cybersecurity like never before. The openness of the Internet and new technologies such as cloud, artificial intelligence, mobile, and the Internet of Things give enormous power to cybercriminals and make cybersecurity both a technical problem and a business problem. The potential consequences of these threats have raised cybersecurity and regulatory compliance into the boardroom as two of the largest risks and costs.

Drawing on its strength in research and its leadership in securing emerging, business-enabling technology, TrustedSec assists organizations with security and compliance against most control frameworks. TrustedSec reviews an organization's control structure against these requirements and helps develop a strategy to mature and become compliant or certified. While most organizations may not be required to align or certify to a standard, the practice is becoming a standard way to measure and mature an IT security program.

A current-state readiness assessment is a critical success factor in the development and maintenance of a comprehensive, risk- and compliance-focused information privacy and security program. By performing a readiness assessment, organizations can leverage independent third-party risk and security expertise for strategic planning and expedite their compliance efforts. TrustedSec provides a sound understanding of where your program is, where it should be, and specific recommendations for attaining compliance in alignment with strategic business objectives.

TrustedSec framework alignment:

  • HIPAA
  • NIST Cyber Security Framework (CSF)
  • NIST 800-53
  • DFARS/NIST 800-171
  • ISO 27001
  • FFIEC

There are several cybersecurity frameworks an organization can align to in order to improve the governance, measurement, and performance of its IT security function.

National Institute of Standards and Technology (NIST CSF)

The NIST Cybersecurity Framework is one such effort to provide guidance in the field of cybersecurity. This framework is a good starting point for organizations that want to define, adopt, and refine an infrastructure for their own needs while following industry standards and norms.

Contractual

  • PCI DSS
  • SOC-I, SOC-II, SOC-III
  • Cloud Computing Framework
  • NIST 800-171

International Organization for Standardization (ISO 27001)

The ISO 27001 standard does not mandate specific information security controls, but its accompanying code of practice provides a checklist of controls that should be considered. The standard requires cooperation among all sections of an organization.

ISO 27001 is invaluable for monitoring, reviewing, maintaining, and improving a company's information security management system and will give partner organizations and customers greater confidence in the way they interact with your business. The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. Many international or multinational corporations align to this standard to provide a governance framework in which the IT security program can operate and be measured.

Voluntary

  • National Institute of Standards and Technology (NIST 800-53)
  • ISO 27001, 27002
  • North American Electric Reliability Corporation (NERC)
  • ISA/IEC-62443

Health Insurance Portability and Accountability Act (HIPAA)

The US Department of Health and Human Services (HHS) published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) establishes national standards for the protection of certain health information. The Security Rule (Security Standards for the Protection of Electronic Protected Health Information) establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form. If you are a healthcare provider or maintain, house, or process healthcare records, you are required to comply with these regulations.

Regulatory

  • HIPAA
  • Sarbanes-Oxley
  • North American Electric Reliability Corporation (NERC)


Author: David Kennedy

Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.