
Information Security

Submitted To: Madam Maha


Submitted By: Khansa fiaz
Roll No: BS-IT-F23-R-018
Table of Contents

Definition of Information Security Standards
Key Objectives
Why Standards Are Important
Standards
1. ISO/IEC Standards
2. NIST Frameworks (U.S.)
3. PCI DSS (Payment Card Industry Data Security Standard)
4. COBIT (Control Objectives for Information and Related Technology)
5. GDPR (General Data Protection Regulation)
6. HIPAA (Health Insurance Portability and Accountability Act)
7. SOC (System and Organization Controls)
8. ITIL (Information Technology Infrastructure Library)

Information Security Standards
Definition of Information Security Standards
Information security standards are documented sets of requirements, controls, and best practices designed to protect an organization's data and systems from threats such as unauthorized access, data breaches, and cyberattacks. They provide a framework for managing security risks and for ensuring the confidentiality, integrity, and availability of information.

Key Objectives
The primary goal of security standards is to uphold the CIA triad:
1. Confidentiality: Ensuring that information is accessible only to authorized individuals.
2. Integrity: Maintaining the accuracy and trustworthiness of data throughout its lifecycle.
3. Availability: Ensuring that information and systems are accessible when needed by authorized users.

Why Standards Are Important
• Uniformity: Standards ensure consistency in implementing security measures across different organizations and industries.
• Trust: Following recognized standards builds trust with customers, partners, and stakeholders by demonstrating a commitment to security.
• Global Applicability: International standards like ISO/IEC 27001 are applicable across borders, enabling global organizations to maintain consistent security practices.

Standards:
1. ISO/IEC Standards
The ISO/IEC standards are international standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC 27001
• A globally recognized, certifiable standard for managing information security.
• It specifies the requirements for an *Information Security Management System (ISMS)* that protects the confidentiality, integrity, and availability of information.
• Organizations implement policies, procedures, and risk assessments to meet this standard, and can be audited and certified against it.
ISO/IEC 27002
• Provides detailed *best-practice guidance* for implementing security controls in areas like access control, cryptography, and incident management.
• It is not certifiable on its own; it is used alongside ISO/IEC 27001 to implement the controls listed in that standard's Annex A.
ISO/IEC 27005
• Focuses specifically on *information security risk management*.
• Guides organizations in identifying, assessing, and treating information security risks.
ISO/IEC 27701
• An *extension to ISO/IEC 27001 and ISO/IEC 27002* that adds requirements for a *Privacy Information Management System (PIMS)*.
• It helps organizations demonstrate alignment with privacy regulations like GDPR, but certification against it does not by itself guarantee legal compliance.

ISO 22301
• An ISO standard (published by ISO alone, not jointly with IEC) for *business continuity management systems*.
• Helps organizations plan for, respond to, and recover from disruptions like cyberattacks or natural disasters.

2. NIST Frameworks (U.S.)
Developed by the U.S. National Institute of Standards and Technology, these are widely used frameworks and publications for managing cybersecurity.
NIST Cybersecurity Framework (CSF)
• Organizes cybersecurity outcomes into core functions: Identify, Protect, Detect, Respond, and Recover (CSF 2.0, released in 2024, adds Govern).
• Suitable for organizations of all sizes and industries.
• Flexible and voluntary; its outcomes map to other standards like ISO/IEC 27001.
NIST SP 800-53
• Provides a *catalog of security and privacy controls* for U.S. federal information systems.
• Includes control families for system and information integrity, access control, and incident response.
NIST SP 800-171
• Focuses on protecting *Controlled Unclassified Information (CUI)* in non-federal systems and organizations.
• Often required for contractors that handle CUI on behalf of U.S. government agencies.

3. PCI DSS (Payment Card Industry Data Security Standard)
• A standard for securing *payment card data* (e.g., credit and debit card account data) wherever it is stored, processed, or transmitted.
• Maintained by the PCI Security Standards Council, which was founded by the major card brands (Visa, Mastercard, American Express, Discover, and JCB).
• Its requirements are grouped into six goals:
  • Build and maintain a secure network and systems (e.g., firewalls, secure configurations).
  • Protect cardholder data (e.g., encryption in storage and in transit).
  • Maintain a vulnerability management program.
  • Implement strong access control measures.
  • Regularly monitor and test networks and systems.
  • Maintain an information security policy.

4. COBIT (Control Objectives for Information and Related Technology)
• A framework by ISACA for *IT governance and management*.
• Helps organizations align their IT goals with business goals.
• COBIT 2019 organizes its objectives into five domains:
  • Evaluate, Direct, and Monitor (EDM), which covers governance.
  • Align, Plan, and Organize (APO).
  • Build, Acquire, and Implement (BAI).
  • Deliver, Service, and Support (DSS).
  • Monitor, Evaluate, and Assess (MEA).

5. GDPR (General Data Protection Regulation)
• A European Union regulation for *data protection and privacy* that applies to any organization processing the personal data of people in the EU, wherever the organization is based.
• Key points:
  • Requires a lawful basis for processing personal data; consent is one such basis and must be freely given, specific, informed, and unambiguous (explicit consent is required for special categories such as health data).
  • Provides individuals with rights like data access, correction, and deletion.
  • Non-compliance can result in heavy fines, up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher.

6. HIPAA (Health Insurance Portability and Accountability Act)
• A U.S. law for protecting *protected health information (PHI)* held by healthcare providers, health plans, clearinghouses, and their business associates.
• Requires these organizations to ensure the confidentiality, integrity, and availability of health data.
• Its main rules include:
  • Privacy Rule: Governs the use and disclosure of PHI in any form (e.g., medical history).
  • Security Rule: Requires administrative, physical, and technical safeguards for electronic PHI (ePHI), including electronic health records (EHRs).
  • Breach Notification Rule: Requires notification of affected individuals and regulators when unsecured PHI is breached.

7. SOC (System and Organization Controls)
These AICPA attestation reports (formerly named "Service Organization Controls") evaluate the controls of *service providers*.
• SOC 1
Focuses on controls relevant to a customer's financial reporting (e.g., payroll or accounting services).
• SOC 2
Focuses on controls for security, availability, processing integrity, confidentiality, and privacy (the Trust Services Criteria).
Suitable for cloud providers and IT services; the report is normally shared with customers under NDA rather than published.
• SOC 3
A simplified, public version of SOC 2 for general audiences.

8. ITIL (Information Technology Infrastructure Library)
• A set of guidelines for *IT service management* (ITSM).
• Helps organizations deliver IT services that meet customer needs.
• Includes information security management as one practice within its broader set of IT service processes.