Security Standards

What is Cyber Security Standards?

When talking about Cybersecurity Standards, a lot of people out there will think only ISO standards which will cover the area of privacy protection, integrity, and data information access within the organization or outside of the organization. The main purpose of those ISO standards to be implemented in place is to provide the option of policy frameworks to determine the process that running within the organization.

Cybersecurity Standards also provide a set of rules that the organization complies to follow and also gives a guideline to ensure the protection of the organization’s data. Depending on the organization’s requirement, some cybersecurity standards can be used to ensure the maintain the compliance of the organization’s process.

Types of CyberSecurity Standards

Now, let’s go deep into the types of CyberSecurity Standards available for organizations to comply to ensure the protection of their data.

Some of the mentioned Standards might be well-known such as ISO 27001, PCI-DSS, and GDPR.

1. ISO 27001

As some people are aware of ISO 27001 standards where it will comprise of procedures that the organization will comply with the rules and requirements. The organization will need to keep update its system with the latest patches and servers need to safe from any known vulnerabilities so that the organization compiled to the standards whenever the external auditors came to audit the organization itself.

2. PCI DSS & FINRA

Payment Card Industry Data Security Standard or also known as PCI-DSS where it will be a guideline or standards to the organization in terms of accepts any payment through their gateway. The standards have normally been used in financial sectors that require a payment process. For this type of standard, the organization should keep update on the security part of their technologies. Besides that, the organization also has to go through security assessment or also known as Penetration Testing for at least once a year to ensure the system or technologies is been protected from breaches from outside.

FINRA or also known as Financial Industry Regulatory Authority that related to the financial sectors where it will ensure the financial organization complies and managed the funds or aggressively in any financial transactions. The standard has various measures that have considered such as data security and customer data protection.

3. HIPAA

Health Insurance Portability and Accountability Act or also known as HIPPA is a standard that related to hospitals where it will ensure the patient and staff’s data been secure and fully protected from been exposed in the wild. For these standards to fully implement, the health organization will need to have a very secure and strong team especially network and system team. This team is normally managing the health organization network data center and application.

4. GDPR

General Data Protection Regulations(GDPR) are standards that concerned with data protection for all the users which have been defined by the Europian Government. The standards also include how to manage the organization’s compliance for the compliance team. The process will implement to ensure all the user’s data have been protected and will be monitor on the access privilege without any permission on the authorization. By implementing the standards in the organization, the user can feel relieved when sharing sensitive information with other staff within the organization.

]

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *