2020-02-05

Review:

Auditing is measuring the state of reality and comparing it to a standard.

Standards:

• ISO
• PCI
• IEEE

Compliance

Organizations must comply with a whole bunch of cybersecurity regulations.

To help with compliance, orgs use frameworks:

Prof these aren’t frameworks. Except NIST. HIPAA and HITECH are not frameworks.

• PCI
• ISO 27001/2
• CIS Critical Security Controls
• NIST
• HIPAA
• HITECH

Whelp I was wrong those are indeed mostly frameworks.

PCI is popular, followed by ISO 27001/2, then CIS and NIST