Regulatory framework, international standards and certifications in cybersecurity and information management.
Management Systems
ISMS (Information Security Management System)
Comprehensive security management framework
ISO 27001
International standard for information security management
Compliance
Regulatory and normative compliance
Data Protection
GDPR (General Data Protection Regulation)
EU General Data Protection Regulation
Security Standards
CIS Benchmarking
Center for Internet Security - Security benchmarks
NIST Cybersecurity Framework
NIST cybersecurity framework for risk management
PCI DSS
Payment Card Industry Data Security Standard
Governance and Management Frameworks
COBIT
IT governance and management framework to align technology with business objectives
ITIL
IT Infrastructure Library - Best practices for service management
CMMI
Capability Maturity Model Integration for organizational process improvement
Sectoral Regulations
HIPAA
Health Insurance Portability and Accountability Act for medical information protection
SOX
Sarbanes-Oxley Act for financial transparency and internal controls in public companies
Related Concepts
- Information Security Governance - Framework that implements regulations
- Policies and Procedures - Documents that support compliance
- Risk Assessment - Process required by regulations
- Monitoring and Review - Continuous compliance control
- Due Diligence - Third-party compliance assessment
- Metrics and KPIs - Compliance measurement
- CISO - Role responsible for compliance
- Audits - Compliance verification