The role of voluntary regulatory frameworks

Introduction to Data Security

Angeline Corvaglia

Founder & Digital Transformation Specialist

Voluntary versus mandatory frameworks


Voluntary regulatory frameworks

  • Not legally binding
  • Provide broad guidance that organizations can adapt to their own context
  • Flexible rather than prescriptive
  • Can be tailored to an organization's specific data security needs


Mandatory compliance rules and regulations

  • Legally binding
  • Prescriptive
  • Focus on achieving a specific outcome

Well-known regulatory frameworks

  • Control Objectives for Information and Related Technologies (COBIT)
  • ISO/IEC 27001
  • National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)

Frameworks organizations use to manage cybersecurity risk and protect their data


What is NIST CSF?


  • A voluntary framework for managing cybersecurity risk
  • Recommended best practices rather than mandated controls
  • A common language and approach shared across organizations and industries
  • Five core functions: identify, protect, detect, respond, and recover (CSF 2.0, published in 2024, adds a sixth function, govern)

Function 1: identify


Recognizing the organization's most critical assets and understanding potential risks

Thorough risk assessments to find:

  • Vulnerabilities
  • Potential threats

Examples of these threats:

  • Data breaches
  • Malware attacks
  • Unauthorized access attempts

Function 2: protect


Putting in place appropriate safeguards for critical data to address the risks identified in the previous function

Examples:

  • User access controls
  • Encryption techniques
  • Data loss prevention

Function 3: detect


Implementing continuous monitoring to discover cybersecurity threats and breaches as early as possible

Security tools and technologies monitor:

  • Network traffic
  • User activity
  • System performance

Function 4: respond


A well-defined incident response plan to follow during a cybersecurity incident

The plan should include clear procedures for:

  • Identifying the incident
  • Containing it to limit further damage
  • Eradicating the threat from affected systems
  • Communicating transparently with affected stakeholders

Function 5: recover


Quickly and efficiently restoring systems, data, and capabilities affected by an incident

Relies on well-tested backup and recovery procedures, verified before an incident occurs rather than during one


Voluntary frameworks are a secret weapon against cyber threats

  • Raise awareness of cybersecurity risk
  • Help plan defenses
  • Guide resource allocation toward the highest risks
  • Support compliance with mandatory regulations
  • Enable continuous improvement


Choosing the best framework depends on an organization's specific needs, risk profile, and industry

  • Organization's size
  • Type of data handled
  • Regulatory requirements
  • Budget

Let's practice!
