
A QUICK GUIDE TO INFORMATION SECURITY STANDARDS
PREFACE

Information Security Standards help organizations protect against cyber attacks by providing general guidelines as well as specific techniques for implementing cyber security.

These standards vary in terms of scope of applicability and depth of coverage.
ISO 27001

ISO 27001/02 are international standards that focus on information security management systems (ISMS).

APPLICABILITY: Organizations of all sizes and sectors.
CERTIFICATION: ISO 27001 certification is achieved via a formal audit conducted by an accredited certification body.
PCI DSS

PCI DSS provides a framework of requirements for entities that handle payment card transactions, including merchants, service providers, and financial institutions, to ensure the secure handling of credit card data, prevent fraud, and protect cardholder information.

APPLICABILITY: Organizations that process, store, or transmit credit card information.
CERTIFICATION: PCI DSS is not a certification, but a compliance validation performed by Qualified Security Assessors (QSAs).
NIST CSF

NIST Cyber Security Framework provides a flexible, risk-based approach to identify, protect, detect, respond to, and recover from cybersecurity threats and incidents.

APPLICABILITY: Organizations of all sizes, sectors, and industries that want to enhance their security posture.
CERTIFICATION: NIST CSF is not a certification. It is a set of best practices to improve cyber security.
CIS CONTROLS

The CIS Controls are a recommended set of best practices and defensive actions that provide specific and actionable ways to thwart the most pervasive attacks and support compliance.

APPLICABILITY: Organizations of all sizes and across various industries.
CERTIFICATION: CIS Controls are not a certification. They are a set of guidelines and best practices to improve cyber security defenses.
NIST SP 800-53

NIST SP 800-53 is a comprehensive catalog of security and privacy controls for federal information systems and organizations, but it is also widely used by organizations outside the federal government.

APPLICABILITY: Organizations that handle sensitive information and seek to establish a robust security program.
CERTIFICATION: NIST 800-53 is not a certification. Compliance is assessed through audits or assessments conducted by internal or external auditors.
SOC 2

SOC 2 (Service Organization Control 2) focuses on the security, availability, processing integrity, confidentiality, and privacy of data within service organizations.

APPLICABILITY: Organizations that provide data hosting, SaaS, managed IT services, and other outsourced services that handle customer data.
CERTIFICATION: SOC 2 is not a certification. It is a set of criteria used for auditing and reporting, conducted by an independent CPA firm.
HITRUST

HITRUST is a widely adopted framework that is designed to help protect sensitive patient health information (PHI).

APPLICABILITY: Healthcare industry, including healthcare providers, health plans, healthcare clearinghouses, and business associates.
CERTIFICATION: HITRUST is a certification, conducted by a HITRUST-approved assessor.
CSA STAR

CSA STAR (Cloud Security Alliance Security, Trust, and Assurance Registry) is a program developed by the Cloud Security Alliance to promote transparency and trust in cloud service providers (CSPs).

APPLICABILITY: CSA STAR is applicable to cloud service providers of all sizes and types, including IaaS, PaaS, and SaaS providers.
CERTIFICATION: CSPs can participate in CSA STAR by completing a self-assessment questionnaire based on the Cloud Controls Matrix.
FEDRAMP

FedRAMP provides a standardized approach to assess and authorize cloud service providers (CSPs) for use by federal agencies.

APPLICABILITY: Applies to cloud service providers (CSPs) that offer their services to federal agencies.
CERTIFICATION: FedRAMP provides a tiered approach to certification, consisting of 3 authorization levels: FedRAMP Ready, FedRAMP In Process, and FedRAMP Authorized.
HIPAA

HIPAA (Health Insurance Portability and Accountability Act) aims to safeguard patient privacy and ensure the confidentiality and integrity of health data.

APPLICABILITY: Healthcare industry, including healthcare providers, health plans, healthcare clearinghouses, and business associates.
CERTIFICATION: HIPAA is not a certification. HIPAA compliance is assessed through audits conducted by the Office for Civil Rights (OCR).