cyber

Respond (100-word minimum)

A cybersecurity compliance framework enables an organization to predict its readiness to face cyber risks and challenges. The NIST FISMA Cybersecurity Framework (CSF) emerged with the goal of having a common set of cybersecurity rules and standards (Murphy, 2018). HIPAA, PCI DSS, SOX and GLBA emerged later.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was set up to secure personal and private health and medical records and is meant primarily for the healthcare industry. Its primary objective is to secure health information based on privacy and security rules. The Sarbanes-Oxley Act (SOX) is applicable to publicly held American companies. It is applicable to any organization or third party that provides financial services. Its goal is to help investors by providing them with accurate information regarding corporate disclosures. Payment Card Industry (PCI) is mostly applicable to those who deal with credit card information and sensitive data. The goal of PCI is to restrict fraudulent activities by securing credit card related information (Murphy, 2018). The Gramm-Leach-Bliley Act (GLBA) is primarily used by companies that offer financial services, and its goal is to provide trust to customers about the security of sensitive information (Cyber-Ark Software Joins the PCI Security Vendor Alliance, 2007). PCI DSS is a set of procedures to optimize card transactions and safeguard against the misuse of personal information. It is designated for all organizations that manage or process credit card information (Cyber-Ark Software Joins the PCI Security Vendor Alliance, 2007).

In my opinion, compliance is important in a framework because it showcases that specific standards are met and helps in building trust with stakeholders. It helps in securing assets, as the guidelines differ based on the operational nature of the organization. Product companies like SAP have come up with specific archiving measures using the OpenText methodology to help organizations align with data archiving as part of SOX.

References:

Murphy, R. (2018, April 26). Best Practices for Cybersecurity Compliance Audits. Retrieved from https://www.blackstratus.com/best-practices-cybersecurity-compliance-audits/

Cyber-Ark Software Joins the PCI Security Vendor Alliance. (2007). Business Wire. Retrieved from https://search-ebscohost-com.lopes.idm.oclc.org/login.aspx?direct=true&db=edsggo&AN=edsgcl.158674557&site=eds-live&scope=site