Standards

1. NIST Cybersecurity Framework

• Link:

• Description: Developed by the National Institute of Standards and Technology, this framework provides a policy for managing and reducing cybersecurity risk.

2. ISO/IEC 27001:2013

• Link:

• Description: An international standard that provides the requirements for an information security management system (ISMS).

3. CIS Critical Security Controls

• Link:

• Description: Developed by the Center for Internet Security, these controls provide a series of cybersecurity actions prioritized to mitigate the most prevalent cyber attacks.

4. MITRE ATT&CK Framework

• Link:

• Description: A knowledge base used to describe the actions and behaviors of cyber adversaries, providing a structured understanding of their tactics and techniques.

5. PCI DSS (Payment Card Industry Data Security Standard)

• Link:

• Description: A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

6. HIPAA (Health Insurance Portability and Accountability Act)

• Description: U.S. legislation that provides data privacy and security provisions for safeguarding medical information.

7. GDPR (General Data Protection Regulation)

• Description: A regulation that demands businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

8. SOC 2 (Service Organization Control 2)

• Description: A framework for managing and securing data that is important to the privacy and confidentiality of an organization’s data.

9. COBIT (Control Objectives for Information and Related Technologies)

• Description: A framework for developing, implementing, monitoring, and improving IT governance and management practices.

10. ITIL (Information Technology Infrastructure Library)

• Description: A set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business.