Michael Brown | NIST CSF, 27001, HIPAA, PCI, and others: an overview of frameworks, standards, and regulations for security folks – Security B-Sides Orlando 2016 Presented By FC²

Michael Brown | NIST CSF, 27001, HIPAA, PCI, and others: an overview of frameworks, standards, and regulations for security folks

March 1, 2016March 4, 2016jtoth

Abstract

In recent years the number of regulations, standards, frameworks and the like have increased. While some are aimed at IT overall, many of them include or even focus on IT Security, which have become more important due to recent event. And this is likely to increase. Because of this, security professionals are finding themselves expected to follow, adhere to, and/or enforce these standards. But few have a decent understanding of them. Starting the Critical Security Controls (formerly known as the SANS Top 20), we’ll take a look at some of the major security frameworks and regulations out there, such as HIPAA, ISO 27001/2, NIST CSF, PCI-DSS, SOX, and others. The aim is to help security professionals understand the basics of these and get them started on learning more about them.

Outline

Overview

Standard, framework, regulations- what are they?

Critical Security Controls

HIPAA

ISO 27000

NIST CSF

PCI-DSS

GLBA

SOX

COBIT & ITIL

Wrap-up and recommendations for further study

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CRISC, has been involved with IT for 20 years, the last ten in IT Security. Moving from a security admin to a global security architect, he has been working for the last few of years as an IT security consultant preforming security risk assessments, gap analysis, and developing policies and procedures for clients to help them implement an information security management system.