Cybersecurity standards have existed for several decades; each is a set of best practices for protecting an organization against threats, vulnerabilities, unauthorized access and attacks. Numerous bodies have published recommended standards, and each framework has its own strengths and weaknesses. A 2016 survey found that 70% of organizations that followed a cybersecurity framework regarded the NIST framework as the best-practice standard for information technology. Below is a list of some of the main standards.
Payment Card Industry Data Security Standard (PCI-DSS)
The Payment Card Industry Data Security Standard (PCI DSS) was first published in December 2004, when MasterCard, Visa, American Express, JCB International and Discover Financial Services merged their individual cardholder-security programs into one standard. In September 2006 the same five brands formed the PCI Security Standards Council to maintain it. The standard exists to protect stored, processed and transmitted cardholder data and to reduce card fraud. Compliance must be validated every year: the largest merchants and service providers are assessed on site by a third-party Qualified Security Assessor, while smaller merchants complete a Self-Assessment Questionnaire, so the "third-party audit" requirement depends on transaction volume.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to protect health insurance coverage for employees and to prevent fraud and abuse. The HIPAA Security Rule groups its safeguards for electronic protected health information (ePHI) into three classes: administrative, physical and technical. The technical safeguards limit access to computer systems that hold ePHI and cover encryption of data in transit and at rest; note that encryption is an "addressable" implementation specification under the rule, meaning a covered entity must either implement it or document why an equivalent alternative measure is reasonable and appropriate.
National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the U.S. Department of Commerce. It was known as the National Bureau of Standards until 1988. NIST's stated mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life." Its security publications include the NIST Cybersecurity Framework and the Special Publication 800 series (for example SP 800-53, a catalog of security and privacy controls), which many organizations adopt even though NIST itself does not enforce them.
International Organization for Standardization / International Electrotechnical Commission (ISO/IEC)
In 1987 the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) jointly founded ISO/IEC JTC 1 to develop, maintain and promote standards in the fields of information technology (IT) and information and communications technology (ICT). Merging the two bodies' IT work into a single committee avoided competing standards and gave organizations one source for enterprise and business security standards. Several are in common use: ISO 22301 (business continuity management), ISO/IEC 27001 (requirements for an information security management system, and the one organizations are certified against), ISO/IEC 27002 (the accompanying catalog of security controls), ISO/IEC 27031 (ICT readiness for business continuity), ISO/IEC 27032 (cybersecurity guidelines) and ISO/IEC 27035 (security incident management).
Consortium for IT Software Quality (CISQ)
CISQ was jointly organized in August 2009 by the Software Engineering Institute (SEI) at Carnegie Mellon University and the Object Management Group (OMG). Its purpose is to develop industry-wide, automatable standards for measuring the size and structural quality of software, including reliability, performance efficiency, security and maintainability, so that these properties can be measured from source code rather than estimated.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation was approved by the European Parliament on April 14, 2016 and has applied since May 25, 2018 as the European Union's regulation governing individuals' rights over their personal data and how organizations must protect it. Unlike the other entries here, it is a law rather than a voluntary standard. The GDPR requires companies to implement "appropriate" technical and organisational measures to secure personal data, and it defines personal data broadly: names, postal addresses, IP addresses and other online identifiers all count as personal data and must be protected, not only national identification numbers.