Info Sec Managment L4-Security Standards, Frameworks & Reg

To ensure the safety of their employees only

To avoid unnecessary expenses

To protect sensitive information and maintain trust

To increase the number of policies

Define governance structure

Develop policies

Identify and assess risks

Monitor performance

To avoid penalties

To ensure compliance

To improve technical skills

To protect organisational assets

To monitor employee performance

To protect assets from unauthorized access, theft, damage, or disruption

To develop company policies

To align IT processes with business goals

User account reviews

Encryption

Locks

Protect cardholder data when it is stored and in transit

Maintain a vulnerability management programme

Increase the speed of card transactions

Federal Information Processing Standards

Finding Information Processing Security

Federal Information Protection Standards

Core

Implementation Tiers

Profiles

Controls

Incident response planning

Awareness and training

Data security

To prevent cybersecurity incidents from occurring

To contain and manage incidents once they occur

To recover from incidents

The obligation to follow laws and regulations

The possibility that a threat will exploit a vulnerability and cause harm

Decision-making authority and oversight

Acceptable behaviour and security expectations