2. NIST Cyber Security Framework
NIST (the US National Institute of Standards and Technology) is part of the U.S. Department of Commerce. The NIST Cyber Security Framework was developed in response to Presidential Executive Order 13636. The purpose of the executive order is to enhance the security of the country's critical infrastructure, protecting it from internal and external attacks. Although the framework was designed to secure critical infrastructure, private organisations also implement it to strengthen their cyber defences. NIST CSF describes five functions that manage the risks to data and information security: identify, protect, detect, respond and recover.
• The identify function guides organisations in identifying security risks across asset management, the business environment and IT governance through comprehensive risk assessment and management processes.
• The protect function defines security controls for protecting data and information systems. These include access control, training and awareness, data security, procedures for information protection, and maintaining protective technologies.
• The detect function provides guidelines for detecting security anomalies and for monitoring systems and networks to uncover security incidents, among others.
• The respond function includes recommendations for planning responses to security events, mitigation procedures, communication processes during a response, and activities for improving security resilience.
• The recover function provides guidelines that a company can use to recover from attacks.
https://www.nist.gov/cyberframework
3. IASME Governance
IASME Governance refers to cyber security standards designed to enable small and medium-sized enterprises to achieve adequate information assurance. IASME Governance outlines criteria against which a business can be certified as having implemented the relevant cyber security measures. The standard enables companies to demonstrate to new or existing customers their readiness to protect business or personal data. In short, it is used to accredit a business's cyber security posture. IASME Governance accreditation is similar to ISO 27001 certification; however, implementing and maintaining the standard comes with reduced costs, administrative overheads and complexity. IASME standards certification includes free cyber security insurance for businesses operating within the UK.
https://www.iasme.co.uk/audited-iasme-governance/
4. SOC 2
The American Institute of Certified Public Accountants (AICPA) developed the SOC 2 framework. Its purpose is to enable organisations that collect and store personal customer information in cloud services to maintain proper security. The framework also provides SaaS companies with guidelines and requirements for mitigating data breach risks and strengthening their cyber security postures, and it details the security requirements to which vendors and third parties must conform. These requirements guide them in conducting both external and internal threat analysis to identify potential cyber security threats. SOC 2 contains a total of 61 compliance requirements, which makes it among the most challenging frameworks to implement. The requirements include guidelines for destroying confidential information, monitoring systems for security anomalies, procedures for responding to security events, and internal communication guidelines, among others.
https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
MASS UK Industry Conduct Principles and Code of Practice Version 7 47