Posts

Showing posts from September, 2020

ISO, SOC, NIST, Oh My -- And Other Common Cybersecurity Compliance Requirements

Image
Depending on your industry your company may be subject to adhere to many, one, or no compliance requirements. Even for companies that have no compliance requirements, following the associated guidance and controls often results in a more secure and better documented environment. Today I'll be covering a high-level overview of some of the most common compliance requirements we run into in information security -- what they're used for, how they're different, and who they might apply to. This list is far from exhaustive, so if I've excluded any you think should be here please comment and let me know. Disclaimer: Do not take the information provided here as definitive or current to your or your organization's compliance status or situation. Consult the appropriate legal and/or regulatory guidance for your situation. ISO 27001 ISO 27000 is a family of standards published by the International Organization for Standardization . The most popular of these (at least within in