In this video, Mandy Huth reviews some of the more specific vocabulary associated with the frameworks.
- [Instructor] There are some key terms to be aware of when you are discussing security frameworks. Security frameworks are a set of practices, policies, and processes that hold your organization accountable for its defenses. It is a calculated approach to determining risk, setting strategy, and obtaining resources. Further, a security framework is measurable and repeatable. NIST, or the National Institute of Standards and Technology, is a physical sciences laboratory spanning science, technology, engineering, and information technology.
Its mission is to supply reference materials to end users, which can be used as calibration standards and quality controls. ISO is the International Organization for Standardization. It is an internationally recognized organization that creates standards for over 168 member countries. It is an independent organization, and it is the world's largest developer of international standards used among nations. PCI, or the Payment Card Industry, is an information security standard for organizations that accept payment cards.
This standard is mandated by the major card brands to help reduce credit card fraud. A SIG, or a Standard Information Gathering, is a tool to help companies assess risk in a standard fashion. It was created by the Shared Assessments Program, which has been developing third-party risk management tools since 2005, and it takes the form of a questionnaire. The security world is full of jargon. Recognizing the main security frameworks can help your organization determine the best controls to use for your program.
- Picking the right security framework
- Why are security frameworks important?
- Global, federal, and state cybersecurity regulations
- PCI and credit card payments
- CIS critical security controls
- Comparing the top four security frameworks
- Mapping process and technical controls
- Augmenting frameworks with GRCs
- Developing a security mindset