08. Intro to Security Regulations
Intro to Security Regulations and Frameworks
ND545 C1 L2 06 Intro To Security Regulations Video
Summary
Every organization, no matter its size, structure or sector, has a governing body saying which security rules must be followed. These laws, regulations, standards and frameworks provide oversight and direction for security programs. They supply a process for securing an organization's infrastructure, and many also prescribe very specific rules or controls that must be followed.
This section helps you identify these common security regulations and frameworks that you will see as a cybersecurity professional.
Security Frameworks
ISO 27000 Series
- ISO/IEC 27001:2013, Information Security Management System (ISMS) Specification
- ISO/IEC 27002:2013, The Code of Practice for Information Security Management
  - 14 security control groups
  - 35 control objectives
  - More than 110 individual controls
- ISO/IEC 27005:2011, ISMS Risk Management
NIST Computer Security Resources Center Special Publications
The NIST CSRC provides resources, including standards, practice guides and requirement documents, on computer, cyber, and information security and privacy.
In particular, the Special Publication (SP) 800 series comprises guidelines, recommendations, technical specifications, and annual reports of NIST's cybersecurity activities. See: https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information
Industry-Specific Regulations
- HIPAA Security and Privacy Rules - Safeguarding Protected Health Information (PHI)
- Payment Card Industry Data Security Standard (PCI DSS) - Rules for processing, storing or transmitting cardholder data
- European Union's General Data Protection Regulation (GDPR) - The EU's law on data protection and privacy
New terms
- ISMS: Information Security Management System
Further research
- ISO/IEC 27000 Series - https://www.iso.org/isoiec-27001-information-security.html
- NIST CSRC - https://csrc.nist.gov/
- NIST Special Publications - https://csrc.nist.gov/publications
- HIPAA Privacy Rule - https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
- HIPAA Security Rule - https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
- PCI DSS - https://www.pcisecuritystandards.org/
- EU GDPR - https://gdpr-info.eu/