COP_2023_V7_pages
recommends communication processes for communicating information risks and security objectives up or down in
an organisation. The framework further allows for continuous monitoring of security events to permit prompt responses.
https://www.coso.org/Pages/default.aspx
9. TC CYBER
The TC CYBER (Technical Committee on Cyber Security) framework was developed to improve the telecommunication
standards across countries located within the European zones. The framework recommends a set of requirements
for improving privacy awareness for individuals or organisations. It focuses on ensuring that organisations and
individuals can enjoy high levels of privacy when using various telecommunication channels. Moreover, the framework
recommends measures for enhancing communication security. Although the framework specifically addresses
telecommunication privacy and security in European zones, other countries around the world also use it.
https://www.etsi.org/cyber-security/tc-cyber-roadmap
10. HITRUST CSF
The HITRUST (Health Information Trust Alliance) cyber security framework addresses the various measures for
enhancing security. The framework was developed to cater to the security issues organisations within the health
industry face when managing IT security. It does this by providing such institutions with efficient, comprehensive,
and flexible approaches to managing risks and meeting various compliance regulations. In particular, the
framework integrates various compliance regulations for securing personal information. These include Singapore’s
Personal Data Protection Act, and the framework interprets relevant requirement recitals from the General Data
Protection Regulation. Also, the HITRUST cyber security framework is regularly revised to ensure it includes data
protection requirements that are specific to the HIPAA regulation.
https://hitrustalliance.net/hitrust-csf/
11. CISQ
CISQ (Consortium for IT Software Quality) provides security standards that developers should maintain when
developing software applications. Additionally, developers use the CISQ standards to measure the size and quality
of a software program. Moreover, CISQ standards enable software developers to assess the risks and vulnerabilities
present in a completed application or one that is under development. As a result, they can efficiently address all
threats to ensure users access and use secure software applications. The vulnerabilities and exploits which the
Open Web Application Security Project (OWASP), SANS Institute, and CWE (Common Weakness Enumeration)
identify form the basis upon which the CISQ standards are developed and maintained.
https://www.it-cisq.org/
12. Ten Steps to Cyber security
The Ten Steps to Cyber security is an initiative by the UK’s Department for Business. It provides business
executives with a cyber security overview. The framework recognises the importance of providing executives with
knowledge of cyber security issues that impact business development or growth, and the various measures used
to mitigate such problems. This enables them to make better-informed management decisions with regard to
organisational cyber security. As such, the framework uses broad descriptions with few technicalities to
explain the various cyber risks, defences, mitigation measures, and solutions, thus enabling a business to employ
a company-wide approach for enhancing cyber security.
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security
MASS UK Industry Conduct Principles and Code of Practice Version 7 49