Difference between revisions of "Security"
Jump to navigation
Jump to search
(add security frameworks) |
(format header row) |
||
| Line 27: | Line 27: | ||
{| class="wikitable" | {| class="wikitable" | ||
!Framework | !Framework | ||
| − | + | !Purpose | |
| − | + | !Best Suited For | |
| − | + | !Certification | |
| − | + | !Certification Method | |
| − | + | !Audit Duration | |
| − | + | !Audit Frequency | |
|- | |- | ||
!SOC 2 | !SOC 2 | ||
| Line 150: | Line 150: | ||
#https://wiki.mozilla.org/Security | #https://wiki.mozilla.org/Security | ||
#https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices | #https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices | ||
| − | #https://secureframe.com/blog/security-frameworks | + | #https://secureframe.com/blog/security-frameworks |
[[Category:Security]] | [[Category:Security]] | ||
Revision as of 13:55, 25 August 2023
Security 
| |
|---|---|
 | |
| Image shows: | Lets Encrypt |
| Summary | |
| Title: | Security |
| Description: | Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security. |
| More | |
| Notes: | Certificates provided by the Let's Encrypt project |
| Test: | Test on SSL Labs.com |
| Example: | See File:Certificate grade.png |
free software that secures your communication[edit | edit source]
The Onion Router (TOR) project https://www.torproject.org/ is the best known provider of security for your personal communications.
There are others too... like Jami
https://signal.org/ offers tools that integrate with your iPhone or Android phone and desktop.
Security Frameworks[edit | edit source]
14 Security Frameworks You Should Know
| Framework | Purpose | Best Suited For | Certification | Certification Method | Audit Duration | Audit Frequency |
|---|---|---|---|---|---|---|
| SOC 2 | Manage customer data | Companies and their third-party partners | N/A | Authorized CPA firms | 6-month period | Every year |
| ISO 27001 | Build and maintain an information security management system (ISMS) | Any company handling sensitive data | Yes | Accredited third-party | 1 week-1 month | Every year |
| NIST Cybersecurity Framework | Comprehensive and personalized security weakness identification | Anyone | N/A | Self | N/A | N/A |
| HIPAA | Protect patient health information | The healthcare sector | Yes | The Department of Health and Human Services (third-party) | 12 weeks | 6 per year |
| PCI DSS | Keep card owner information safe | Any company handling credit card information | Yes | PCI Qualified Security Assessor (third-party) | 18 weeks | Every year |
| GDPR | Protect the data of people in the EU | All businesses that collect the data of EU citizens | Yes | Third-party | About 30 days | Depends on preference |
| HITRUST CSF | Enhance security for healthcare organizations and technology vendors | The healthcare sector / Anyone | Yes | Third-party | 3-4 months | Every year |
| COBIT | Alignment of IT with business goals, security, risk management, and information governance | Publicly traded companies | Yes | ISACA (third-party) | N/A | N/A |
| NERC-CIP | Keep North America’s bulk electric systems operational | The utility and power sector | Yes | Third-party | Up to 3 years | Every 5 years |
| FISMA | Protect the federal government’s assets | The federal government and third parties operating on its behalf | Yes | The FISMA Center | 12 weeks | Every year |
| NIST Special Publication 800-53 | Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice | Government agencies | N/A | Self | N/A | N/A |
| NIST Special Publication 800-171 | Management of controlled unclassified information (CUI) to protect federal information systems | Contractors and subcontractors of federal agencies | N/A | Self | N/A | N/A |
| IAB CCPA | Protecting California consumers’ data | California businesses and advertising tech companies | N/A | Self | N/A | N/A |
| CIS Controls | General protection against cyber threats | Anyone | Yes | Third-party |
