The MBA Guide to IT

Episode 53 – What are some good frameworks for managing Cybersecurity?

We’ve been talking about Cybersecurity this week, but we’re not alone.  Other people got there first and wrote down some notes.  So, what are some good frameworks for managing Cybersecurity? You’ve probably been told to be safe on the web.  Or use long passwords.  Mine is antidisestablishmentarianism.  Good ideas, but that’s not a formal approach to Cybersecurity. There are numerous frameworks, but here are some popular ones:

  • The NIST Cybersecurity Framework is a good place to start for most businesses. You’ll likely need help from IT folks to run through it.

  • If you’re in the defense supply chain, they may require NIST 800-171 for protecting controlled but unclassified information. NIST has other documents for federal agencies themselves.

  • ISO 27001 is sort of like ISO 9000 but for Information Systems. You create policies and practices and then show the auditor your evidence.

  • In healthcare, you may want to certify against the HITRUST cybersecurity framework, which incorporates the HIPAA Security Rule and various other frameworks.

  • If you process credit cards, the Payment Card Industry (PCI) rules may apply.

  • And don’t forget the numerous private industry frameworks. If your clients are larger than you are, they may send you a lengthy questionnaire to complete. Manufacturers are starting to pass down requirements to their suppliers. If you’re getting a financial audit, the CPAs have several pages of cybersecurity questions as well.

I’m Carter Edmonds with 20CREEK. We help you build IT you’ll brag about.

    Episode #53 – 2/21/2019
