In cybersecurity and compliance, terms like “framework” and “regulations” are often used interchangeably. As such, non-specialists might struggle to understand how different guidelines and regulatory bodies fit together to support cybersecurity. For example, the National Institute for Standards and Technology (NIST) provides several documents outlining guidelines and compliance requirements. However, in terms of larger frameworks, it provides two major examples: the Risk Management Framework (RMF) and the Cybersecurity Framework (CSF).

This article will cover the latter of these two, how they fit into government-sponsored cybersecurity concerns and what that means for your organization. 

Read More

The U.S. faced several disheartening and frustrating scandals in the earliest part of the century. Without regulations guiding them to be transparent, corporations were regularly falsifying financial records or defrauding their investors. To curb this issue, Congress passed the Sarbanes-Oxley Act. This act, also known as SOX, codified a set of reporting and auditing standards into law to force corporations to provide truthful and accurate financial information and avoid further fraud issues. 

Here we discuss some of the implications of SOX and how you can approach compliance for your publicly traded company. 

Read More

The ISO 27000 series is a set of important security documents released by the International Organization for Standardization (ISO) to provide a guideline for best practices in IT security management, ISMS development and organizational security and risk management practices. The earlier documents (27001, 27002, etc.) serve as a baseline for this series, and many of the following documents build from that foundation. 

Later documents in the series develop guidelines describing more specialized applications. One of these, ISO 27017, address security practices for the expanding area of cloud infrastructure that most of our business operations rely on. 

Read More