Standards

1. NIST Cybersecurity Framework

  • Description: Developed by the National Institute of Standards and Technology, this framework provides a policy for managing and reducing cybersecurity risk.

2. ISO/IEC 27001:2013

  • Description: An international standard that provides the requirements for an information security management system (ISMS).

3. CIS Critical Security Controls

  • Description: Developed by the Center for Internet Security, these controls provide a series of cybersecurity actions prioritized to mitigate the most prevalent cyber attacks.

4. MITRE ATT&CK Framework

  • Description: A knowledge base used to describe the actions and behaviors of cyber adversaries, providing a structured understanding of their tactics and techniques.

5. PCI DSS (Payment Card Industry Data Security Standard)

  • Link: PCI DSS

  • Description: A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.

6. HIPAA (Health Insurance Portability and Accountability Act)

  • Link: HIPAA

  • Description: U.S. legislation that provides data privacy and security provisions for safeguarding medical information.

7. GDPR (General Data Protection Regulation)

  • Link: GDPR

  • Description: A regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

8. SOC 2 (Service Organization Control 2)

  • Link: SOC 2

  • Description: A framework for managing and securing data, focused on the privacy and confidentiality of an organization’s data.

9. COBIT (Control Objectives for Information and Related Technologies)

  • Link: COBIT

  • Description: A framework for developing, implementing, monitoring, and improving IT governance and management practices.

10. ITIL (Information Technology Infrastructure Library)

  • Link: ITIL

  • Description: A set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business.
