Any organization you work for is going to rely on one or more of these frameworks and standards, whether voluntarily or forced via regulation.
Controls outlined in these standards give you a good idea of both what you’ll be expected to do and how you’ll be expected to do it.
If you want to get a head start on understanding the expectations of these frameworks and standards, check out the following resources:
- ISO 27000-series
- NIST Cybersecurity Framework
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley (SOX)
  - Focus on Section 404 – Management Assessment of Internal Controls
- Gramm-Leach-Bliley Act (GLBA)
- General Data Protection Regulation (GDPR)
If you want to dig deeper, check out the following resources:
- COBIT 5: Control Objectives for Information and Related Technology
- ITIL Security Management
- Children’s Online Privacy Protection Act (COPPA)
- Family Educational Rights and Privacy Act (FERPA)
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
Of course, this list is just the tip of the iceberg. For a more comprehensive list of security and privacy authorities, check out the Unified Compliance Framework.