Many organizations have to comply with a mixture of state, industry-specific, and international cybersecurity regulations. The challenge for an organization trading nationally, or even globally, is considerable.
According to Tenable’s Trends in Security Framework Adoption Survey, 84% of organizations in the US leverage a security framework in their organization, and 44% use more than one framework.
The most cyber secure sector
Of all the companies considered in the survey, those in the banking and finance sector most frequently adopted security frameworks (16%), followed closely by information technology (15%). The health care and medical sector was the worst, with 27% not having any framework in place at all.
The top four cybersecurity frameworks
The most frequently adopted frameworks should come as no surprise to security practitioners:
- PCI DSS (47%)
- ISO 27001/27002 (35%)
- CIS Critical Security Controls (32%)
- NIST Framework for Improving Critical Infrastructure Security (29%)
Does company size matter?
Companies with more than 10,000 employees are slightly more likely to have adopted a security framework (90%) but even smaller companies with fewer than 1,000 employees report significant rates of adoption (77%).
Complying with multiple cybersecurity regulations
As the number of cyber attacks continues to rise, businesses are under increasing pressure to protect their systems against intrusion and data misuse. But the challenge of complying with multiple cybersecurity regulations at once is considerable.
The ISO 27001 Cybersecurity Documentation Toolkit will help you fulfill your cybersecurity obligations, build a robust cybersecurity management system, and comply with:
- NIST SP 800-53
- New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies
- Massachusetts 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth
- ISO 27001, the internationally recognized cybersecurity framework
Containing customizable templates developed by industry experts, this toolkit provides a framework for you to build a robust management system that complies with multiple regulations.
Lead your ISO 27001 project with Lead Implementer training
This three-day live online course will help you implement an information security management system (ISMS), allowing your business to achieve and demonstrate compliance with key legislation where data security is essential, including the New York DFS Cybersecurity Requirements (23 NYCRR 500), NIST SP 800-53, FedRAMP, and the Sarbanes–Oxley Act.