Is your business in a regulated industry, such as financial or medical? This article provides links to regulatory institutions and other organizations that provide compliance-related guidelines.
Check out these resources:
FFIEC
Federal Financial Institutions Examination Council
The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. It publishes the IT Examination Handbooks.
NIST
National Institute of Standards and Technology, U.S. Department of Commerce
NIST provides information material and guidelines for a variety of topics. One of them is information technology.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
HIPAA is a series of regulations protecting the privacy and security of certain health information. Medical organizations must comply with HIPAA regulations.
PCI
PCI Security Standards Council
The Council develops standards to secure the storage and electronic transmission of credit card information. Merchants that accept credit cards must adhere to PCI standards.
SSAE 16 (superseded by an SSAE 18 on May 1, 2017)
The Statement on Standards for Attestation Engagements No. 16 (SSAE 16)
SSAE 16 is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls. When a company undergoes an IT audit, SAAE standards are used by auditors to evaluate a company’s internal IT processes and controls.
Here are a couple of security-related sites that can be helpful when working on improving your IT security processes and controls.
SANS
The SANS Institute is a cooperative research and education organization. It provides IT professionals with security training and certification.
Cybersecurity
As section of the FFIEC website is dedicated to cybersecurity.
CIS
Center for Internet Security
Provides best practice controls and benchmarks for IT security.
The National Cybersecurity and Communications Integration Center (NCCIC) is the Nation’s flagship cyber defense, incident response, and operational integration center. Our mission is to reduce the Nation’s risk of systemic cybersecurity and communications challenges.
DSS
Defense Security Service
Partnering with Industry to Protect National Security
NCSC
National Cyber Security Center – The UK’s independent authority on cybersecurity.