Michael Brown | NIST CSF, 27001, HIPAA, PCI, and others: an overview of frameworks, standards, and regulations for security folks

Abstract

In recent years the number of regulations, standards, frameworks and the like has increased. While some are aimed at IT overall, many of them include or even focus on IT Security, which has become more important due to recent events. And this is likely to increase. Because of this, security professionals are finding themselves expected to follow, adhere to, and/or enforce these standards. But few have a decent understanding of them. Starting with the Critical Security Controls (formerly known as the SANS Top 20), we'll take a look at some of the major security frameworks and regulations out there, such as HIPAA, ISO 27001/2, NIST CSF, PCI-DSS, SOX, and others. The aim is to help security professionals understand the basics of these and get them started on learning more about them.
Outline
Overview
Standards, frameworks, regulations - what are they?
Critical Security Controls
HIPAA
ISO 27000
NIST CSF
PCI-DSS
GLBA
SOX
COBIT & ITIL
Wrap-up and recommendations for further study

Bio

Michael Brown, CISSP, HCISPP, CISA, CISM, CRISC, has been involved with IT for 20 years, the last ten in IT Security. Moving from a security admin to a global security architect, he has been working for the last few years as an IT security consultant performing security risk assessments, gap analyses, and developing policies and procedures for clients to help them implement an information security management system.