Any organization you work for is going to rely on one or more of these frameworks and standards, whether voluntarily or because regulation mandates them.
The controls outlined in these standards give you a good idea of both what you’ll be expected to do and how you’ll be expected to do it.
If you want to get a head start on understanding the expectations of these frameworks and standards, check out the following resources:
- ISO 27000-series
- NIST 800-30: Risk Management
- NIST 800-53: Federal Information Security Management Act (FISMA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley (SOX)
  - Focus on Section 404 – Management Assessment of Internal Controls
- Gramm-Leach-Bliley Act (GLBA)
If you want to dig deeper, check out the following resources:
- COBIT 5: Control Objectives for Information and Related Technology
- ITIL Security Management
- Federal Energy Regulatory Commission: NERC Reliability Standards
- Children’s Online Privacy Protection Act (COPPA)