The role of voluntary regulatory frameworks

Introduzione alla sicurezza dei dati

Angeline Corvaglia

Founder & Digital Transformation Specialist

Voluntary versus mandatory frameworks

icon voluntary regulatory frameworks

Voluntary regulatory frameworks

Not legally binding
Provide broader support to organizations
Flexible guidelines
Meet specific data security needs

icon compliance rules

Mandatory compliance rules and regulations

Legally binding
Prescriptive
Focus on achieving a specific outcome

Well-known regulatory frameworks

Control Objectives for Information Technology (COBIT)
ISO 27001
National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)

Frameworks to manage cybersecurity risks and protect their data

icons examples of frameworks

What is NIST CSF?

icon NIST CSF

Manage cybersecurity risk
Recommended best practices
Common language and approach
Five functions: identify, protect, detect, respond, and recover

Function 1: identify

icon NIST CSF identify

Recognizing the organization's most critical assets and understanding potential risks

Thorough risk assessments to find:

Vulnerabilities
Potential threats

Examples of these threats:

Data breaches
Malware attacks
Unauthorized access attempts

Function 2: protect

icon NIST CSF protect

Putting in place appropriate safeguards for critical data and associated risks

Examples:

User access controls
Encryption techniques
Data loss prevention

Function 3: detect

icon NIST CSF detect

Implementing continuous monitoring to discover potential cybersecurity threats and breaches

Security tools and technologies monitor:

Network traffic
User activity
System performance

Function 4: respond

icon NIST CSF respond

Well-defined incident response plan during a cybersecurity incident

Plan should include clear procedures for:

Identifying
Containing
Eradicating
Transparent communication process

Function 5: recover

icon NIST CSF recover

Quickly and efficiently restoring systems, data, and capabilities

Well-tested backup and recovery procedures

Voluntary frameworks are a secret weapon against cyber threats

Raise awareness
Help plan defenses
Guide resource allocation
Ensure compliance
Enable continuous improvement

icon voluntary frameworks

Choosing the best framework depends on an organization's specific needs, risk profile, and industry

Organization's size
Type of data handled
Regulatory requirements
Budget

Let's practice!

Introduzione alla sicurezza dei dati