Join Mandy Huth for an in-depth discussion in this video, Security frameworks, part of Security Matters (To Everyone).
(upbeat music) - So maybe you wanna learn something new about information security. Where do you go? Well, let me tell you. Just like blazing the Oregon Trail, others have gone before you. (upbeat music) So let's leverage what they learned and learn something new. Maybe you wanna focus on personal security. There's a great resource called staysafeonline.org. It focuses on practices at home, whether you're protecting yourself, your children, or your parents, by providing safe online practices.
They also have tips for small and medium businesses on how to secure their business. If you're a business of any size and you accept or store credit cards, you'll be required to be compliant with PCI DSS. That stands for payment card industry data security standards. This regulation provides controls with how you have to process data and how you have to secure that data for your business. If you're looking to secure your business, you may wanna look at the Center for Internet Security, or CIS controls.
CIS includes 20 solid controls for making your business's technologies more secure. If you're in the United States, the government has done quite a bit of work with the National Institute for Standards & Technology, or NIST. There's a special publication called 800-53. This provides a comprehensive list of procedures and controls for your business. Those are rated based on their security impact from low to medium and high. Finally, there's a global standard based on the International Standardization Organization, or ISO 27001.
This list of controls intends to bring information security under management control for global organizations. No matter your intent or your size, all of these frameworks follow the same foundational principles. So you're going to find quite a bit of overlap that you can choose from. Most importantly, don't get overwhelmed. Choose one framework, then pick one control. Work on that control to improve your security posture. Just like the Oregon Trail, everything you can do for security is a step towards your security destination.