Choosing a Security Framework
ISO, PCI, CoBIT, HIPAA, COSO, ITIL, FISMA, NYS Cyber Security Policy: All have requirements for protecting the confidentiality, integrity, and availability of information.
| Standard | Description |
|---|---|
| ISO 27001 (17799) | International Standards Organization provides a comprehensive security policy framework. However, it lacks implementation guidance. |
| CoBIT | Aligns business processes with IT Governance objectives, including security processes. Does not include detailed security controls. |
| PCI Data Security Standard | Created by credit card industry to improve security surrounding card transactions. Intentionally narrow focus. |
| FISMA | Federal security standard quickly becoming best practice across industries. Can be an overwhelming amount of information. |