7 Security Frameworks Every InfoSec Professional Should Know
A look at the common frameworks and standards that shape Information Security programs.
Five years ago I was a junior, going on senior, in college, and had just landed my first job in the tech field. I started as an intern on a Windows engineering team and quickly became involved in some of the security initiatives that were in progress: server baselining, the creation of a gold image process, privileged access management, and more.
The common theme? These initiatives were part of one overarching goal: to become HITRUST compliant, the gold standard of healthcare data security and protection.
Back then, I was 20 years old and that term meant nothing to me, and neither did running a script that performed an audit on Active Directory for the purposes of a SOC 2 audit. Oh, and the time I sat in a conference room with the rest of my team going through CIS controls to determine if they would or wouldn’t break something in the environment.
My point is, as a 20-year-old novice in the field, just trying to process all the new terminology and technology she came across every day, I would have loved for someone to have laid out the important standards to know. Better yet, it would’ve been nice to learn these things in my…