Standards Overview

As a business owner, operational manager, or IT manager you have spent a tremendous amount of time and effort to build your client base. It only makes sense to consider security as part of your continued service offering to your clients. However, we understand the perceived complexity these standards can present.

Citadel specializes in simplifying the standards listed below. We can assist clients in understanding and implementing the standards in their environment. While we understand the documents can be overwhelming and difficult to understand, our advisors can clarify and focus you on those security documents most pertinent to your business. We simplify and codify the standards for your use to ensure a straightforward implementation. We strive to train you to understand and follow the standards in a manner that limits operational impact and allows you to use proper security controls to protect your business environment.


ISO creates documents that provide requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.

ISO has published thousands of International Standards and has focused its 27000 series primarily on Cyber Security. The most relevant standards are:

  1. ISO/IEC 27001 - Information security management systems
  2. ISO/IEC 27002 - Code of practice for information security controls
  3. ISO/IEC 27005 - Information security risk management
  4. ISO/IEC 27015 - Information security management guidelines for financial services
  5. ISO/IEC 27017 - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
  6. ISO/IEC 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  7. ISO/IEC 31000 - Risk management - Principles and guidelines
  8. ISO/IEC 27031 - Guidelines for information and communication technology readiness for business continuity

By focusing on 27001 and 27002, a firm can strive toward certification and show clients how focused it is on protecting environments and data.


The National Institute of Standards and Technology is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.

NIST Cyber Security Framework

NIST 800 Series Documentation (Computer security)

NIST 1800 Series Documentation (Cybersecurity practice guides)

NIST Small Business Security (The Fundamentals)

NIST 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations


Other Pertinent Controls / Frameworks


Vendor Risk Management Solutions

Founded by a consortium of leading financial services companies, including American Express, Bank of America, JPMorgan Chase and Wells Fargo, TruSight provides mutual benefits for financial institutions and their third-party service providers, and elevates the discipline of third-party management industry-wide.

The Shared Assessments Program has been setting the standard in third party risk management since 2005, when the Big Four and six global banks collaborated to form Shared Assessments to address the inefficiencies surrounding vendor risk management.

Vendor management software for mortgage companies, banks, credit unions, nonprofit organizations & more

BitSight transforms how companies manage third and fourth party risk, underwrite cyber insurance policies, benchmark security performance, and assess aggregate risk with objective, verifiable and actionable Security Ratings.

SecurityScorecard's software allows users to view and monitor security ratings, easily add vendors or partner organizations, and report on the cyberhealth of their ecosystem. Insights also provides access to analytics, compliance, collaboration, digital asset management, and other tools that help enterprises better manage security and meet compliance objectives.

Hiperos 3PM™ is the leading platform for third party management. Aware of the constant pressure to do more with less and accelerate time-to-value, Hiperos has developed a comprehensive set of best practice, template-based solutions that address specific third party management requirements.