7 Security Frameworks Every InfoSec Professional Should Know

A look at the common frameworks and standards that shape Information Security programs.

Katlyn Gallo
Dark Roast Security
9 min read, Feb 7, 2022

Five years ago I was a junior, going on senior, in college, and had just landed my first job in the tech field. I started as an intern on a Windows engineering team and quickly became involved in some of the security initiatives that were in progress: server baselining, the creation of a gold image process, privileged access management, and more.

The common theme? These initiatives were part of one overarching goal: to become HITRUST compliant, the gold standard of healthcare data security and protection.

Back then I was 20 years old and that term meant nothing to me. Neither did running a script that audited Active Directory for the purposes of a SOC 2 audit, or the time I sat in a conference room with the rest of my team going through CIS controls to determine whether each one would break something in the environment.

My point is, as a 20-year-old novice in the field, just trying to process all the new terminology and technology she came across every day, I would have loved for someone to have laid out the important standards to know. Better yet, it would’ve been nice to learn these things in my…
