.svg)
.png)
.png){kind=icon}
.png){kind=icon}
.png){kind=icon}
.png){kind=icon}
.svg)
Cyberday offers a growing list frameworks that are all cross-linked to our task library. Frameworks provide you with a structured approach; you have something to base your work on and you always know your current security level while building your ISMS. Choose the frameworks that best suit your needs and objectives.
Vaatimukset täyttyvät jalkauttamalla digiturvatehtäviä.
Mitä kukin tekee digiturvan eteen?
Osa tehtävistä vaatii asioiden ohjeistamista henkilöstölle.
Mitä pitää muistaa arjessa?
Osa tehtävistä vaatii listausten pitoa tietoturvan ydinelementeistä.
Mistä pitää voida raportoida?
Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
ISO 27001:2022 is divided to 3 separate levels in Cyberday, so you can either start small or go for the certification-level ISMS directly.
Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.
ISO 27001:2022 is divided to 3 separate levels in Cyberday, so you can either start small or go for the certification-level ISMS directly.
NIST Cybersecurity Framework is a collaborative effort coordinated by The National Institute of Standards and Technology (NIST, part of the U.S. Department of Commerce) and involving industry, academia, and government.
Framework is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.
GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.
ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.
ISO 27017 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.
ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).
ISO 27018 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.
ISO 27701 is a privacy extension to ISO 27001. The framework aims to upgrade the existing Information Security Management System (ISMS) with additional requirements related to processing and protecting personal data in order to establish also a Privacy Information Management System (PIMS).
Certifications are available for ISO 27701. As the framework extends ISO 27001, organizations seeking an ISO 27701 certification will need to have the ISO 27001 certification.
ISO 13485:2016 specifies requirements for an organisation that needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.
Organisation utilising ISO 13485 can be involved in one or more stages of the life-cycle (e.g. design, development, production, storage, distribution, installation, or servicing) of a medical device or provision of associated activities (e.g. technical support).
ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organisations.
N.b.! Only the framework structure is currently available in Cyberday.
NIS 2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive, such as energy, transport, health, food, waste, public administration and digital infrastructure - and even more importantly to their supply chains.
NIS 2 tigthtens the rules and expand its scope when compared to original NIS Directive from 2016. It also adds top management accountability and tightens sanctions for non-compliance.
SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).
SOC 2 includes 5 different requirement sets: security, availability, processing integrity, confidentiality and privacy. A SOC 2 audit can be carried out related to one or all of these criteria. Each criteria has specific requirements that the company needs to comply with by implementing controls.
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally.
PCI DSS provides a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with payment card account data, PCI DSS can also be used to protect against threats and secure other elements in the payment ecosystem.
GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.
Cyber Essentials is backed by the United Kingdom's government to help protect organisations, large or small, from cyber attacks. It is a good tool for getting the essentials of cyber security to a level which helps decrease the chance of your organisation to be vulnerable to basic cyber attacks.
ISO 22301 specifies requirements for building a management system that protects organization's business continuity by ensuring preparedness, response and recovering from disruptions.
ISO 22301 is generic and applicable to all organizations, regardless of type, size and nature of the organization. Organization can also get certified against ISO 22301.
HIPAA is a series of regulatory standards outlining the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated in the USA by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).
The Center for Internet Security (CIS) has created CIS 18, a prioritized set of best practices created to stop the most pervasive and dangerous cyber security threats of today.
CIS 18 has been developed by leading security experts from around the world and is refined and validated every year.
Choose the framework you're interested in to learn more or view the whole framework library.
"A ready-made operating model for managing digital security and implementing various themes speeds up the start of digital security work, helps to get up to speed and helps people to participate in work more flexibly."
"With the help of Cyberday it is possible to significantly reduce the municipality's burden in managing the requirements set by law and to increase the efficiency of management and control work related to digital security. The service helps to increase the personnel's cyber security skills and to take care of their own responsibilities on time."
"Cyberday has helped to understand the requirements of the GDPR holistically and to organize the cooperation through which data protection issues are taken over in the organization."
Start free, in your familiar Teams environment.
If you have some questions first, book a meeting with us.
.svg)
.png){kind=icon}
.png){kind=icon}
