Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. They have four core components:
Compliance is the process of adhering to internal standards and external regulations.
Specific controls, frameworks, and compliance
Health Insurance Portability and Accountability Act, US regulation protecting the privacy and security of health information.
Payment Card Industry Data Security Standard (PCI DSS), framework for protecting payment card data.
Service Organization Control (SOC) 2, framework for assessing the security, availability, confidentiality, processing integrity, and privacy of a service organization’s system.
International standard for information security management systems (ISMS), providing a framework for managing information security risks.
General Data Protection Regulation, EU regulation protecting the privacy and security of personal data.
National Institute of Standards and Technology, US government agency that develops cybersecurity standards and guidelines.