Most organizations have rules and regulations they're required to follow.
Working in the IT or cyber field, there are additional standards, directives, and/or frameworks requiring compliance.
The varying set of guidelines and rules serve many purposes, including improving process efficiencies and security posture, as well as reducing risk of certain threats.
The rules and guidance an organization follows depend on the industry it's part of and the type of information it works with.
Consequences for noncompliance can range from a stern reprimand to catastrophic financial loss to incarceration, depending on the type of rules and the scope of impact.
There are regulatory rules, meaning an organization is required to abide by or be in compliance with them, and non-regulatory rules, which are recommendations and best practices that may be enforced within an organization, such as a password policy, but are not enforced by law. Externally,
there are industry standard frameworks, which are high-level blueprints outlining accepted practices to build a strong operational foundation, and security-specific frameworks detailing methods for developing policies and procedures focused on securing, operating, managing and maintaining information systems.
There are several established security frameworks that are commonly accepted by the community as sound best practices:
the ISO/IEC 27000 series, the NIST SP 800 series, and COBIT.
The ISO/IEC 27000, or International Organization for Standardization / International Electrotechnical Commission, series is a group of documents detailing recommendations for securing information systems and managing risk through security controls.
NIST, the National Institute of Standards and Technology, SP 800 series is a large collection of security publications on information security standards and best practices.
The COBIT, or Control Objectives for Information and Related Technologies, framework is used to help management align business goals with information technology and better manage risk.
One of the main goals of frameworks is to establish a common way of describing industry practices, using common terminology, enabling organizations to adopt and adapt them as needed to support their own business needs.
TOGAF, The Open Group Architecture Framework, is an enterprise software development framework that applies a systematic approach to development to help reduce errors and produce timely, quality results.
ITIL, the Information Technology Infrastructure Library, is literally a library of open source information that advocates IT services aligned to the needs of the business and supports its core processes.
It guides how information is stored and maintained, the change procedures, and the overall administration of IT.
SABSA, the Sherwood Applied Business Security Architecture, is an open standard with several frameworks, models, methods and processes.
It is an overarching framework enabling other existing standards to be integrated, bringing together several models for an end-to-end solution in one compliance framework.
Industry specific frameworks narrow the focus to specific domains.
Industries such as health care and transportation have their own set of rules and regulations to adhere to.
Organizations may leverage an industry-specific framework in addition to security frameworks like NIST or ISO.
Frameworks also guide compliance with the rules and regulations nationally and internationally.
Industry-specific laws and regulations require compliance, and failure to do so can result in fines and/or criminal penalties.
Regulations can be very broad, like PCI DSS, or the Payment Card Industry Data Security Standard, which dictates proper handling of customer payment cards, or HIPAA, the Health Insurance Portability and Accountability Act, which protects the privacy and medical history of patients.
It's important that everyone in an organization understands which standards and regulations require compliance.
Most times, processes and procedures are in place to aid in following proper protocols,
and the frameworks that are adopted and adapted for managing and governing security can be supported by creating a reference architecture, visually displaying how the technical components work together to prevent, detect and respond to threats.
Non-regulatory frameworks and regulations required by law, while having very different consequences if not adhered to, are equally important for supporting an organization's business goals and needs.