The Comprehensive Security Guide provides security executives with a single document that gathers standardized and easy to use templates of all main compliance frameworks: PCI-DSS, HIPAA, NIST Cyber Security Framework and GDPR.
Prior to having an external auditor excavating through the organizations’ security stack internals, it makes sense for the security stakeholders to independently conduct a rough gap analysis of their environment and the regulation they seek to comply with.
Instead of crafting a compliance matrix from scratch or searching across the web for a free template, CISOs can now use the guide to access a wide range of assessment templates. While probably not all of them will be simultaneously used in a single organization, every organization will find at least one of them useful.
The guide features assessment templates for the following regulations:
Payment Card Industry Data Security Standard (PCI DSS)
Information security standard for any organization that handle branded credit cards from the major card schemes. Proving that an organization complies with PCI-DSS is essential in shielding an organization from lawsuits that can arise in a breach scenario that entails the compromise of credit card data.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.
NIST Cyber Security Framework (CSF)
A policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyberattacks. NIST CSF applies to all organizations and is not confined to a certain vertical. While not a binding regulation in the strict sense of the term, NIST CSF is rapidly becoming the general industry cybersecurity common standard and in practice serves as an indication that sound cybersecurity policies are implemented and practiced.
General Data Protection Regulation (GDPR)
regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. GDPR applies to any organization that stores and processes EU citizens PII regardless if of its location. Failure to comply with GDPR results with fines that can reach 5% from the violating organization annual revenue.
Security
via https://www.aiupnow.com
Help Net Security, Khareem Sudlow