In recent years the number of regulations, standards, frameworks and the like has increased. While some are aimed at IT overall, in light of recent events many of them have included or even focused on IT security, and this is likely to increase. Because of this, security professionals are finding themselves expected to follow, adhere to, and/or enforce these standards, but few have a decent understanding of them. Using the Critical Security Controls (formerly known as the SANS Top 20) as our basis, we’ll take a look at some of the major security frameworks and regulations out there, such as HIPAA, ISO 27001/2, NIST CSF, PCI-DSS, SOX, and others. The aim is to help security professionals understand the common security issues these various models strive to address.
Michael Brown, CISSP, HCISPP, CISA, CISM, CRISC, has been involved with IT for 20 years, the last ten in IT security. Moving from a security admin to a global security architect, he has been working for the last few years as an IT security consultant performing security risk assessments and gap analyses, and developing policies and procedures for clients to help them implement an information security management system.