Security Frameworks
Introduction
1. Pick the right security framework
2. Who uses security frameworks
- Regulatory compliance
- Public safety
- Differentiation
- Protecting sensitive data
Framework
- Guidance
- People
- Process
- Technology
3. Why security frameworks are important
Frameworks guide the implementation and management of security controls within an organization
- Reference for designing security mechanisms
- Common language
- Measurement
- Benchmarking
Top Drivers
- Regulation
- Public safety
- Reputation and financial security
- Differentiation
Top Benefits
- solid baseline for measuring security effectiveness
- Compliance
- Improved, demonstrable maturity
Top Challenges
- Lack of budget
- Lack of trained staff
- Lack of automation tools
- Lack of integration between tools
4. Definitions
- NIST
- National Institute of Standards and Technology
- www.nist.gov
- Non regulatory agency in the US government
- ISO
- International Organization for Standardization
- www.iso.org
- Represented by various national standards organizations
- Consults with the UN
- Develops and publishes international standards
- PCI
- Payment Card Industry
- www.pcisecuritystandards.org
- Global forum
- Account data protection
- SIG
- Standardized Information Gathering
- sharedassessments.org/sig/
- Questionnaire
- 18 control areas
- Over 1,300 questions
- Security Framework
- set of practices, policies, and processes
- Calculated risk
- Strategy
- Measurable and repeatable
1. Frameworks, Regulations, and Risk
Overview of the major frameworks
Other frameworks to consider
Cybersecurity regulations
Risk assessment and the SIG
The above concern US business and regulation; JDAI is to adopt ISO.
ISO 27001 (information security management); ISO 27017 (cloud security standard)
- Information security policy
- Security organization
- Human resources
- Asset management
- Access control
- Cryptography
- Physical security
- Operations security
- Communications security
- System security
- Supplier relationships
- Incident management
- Business continuity
Exam tip: Make sure that your use of a cloud provider falls within the scope of its compliance statement.