PCI-DSS, ISO, HIPAA; you have probably heard many acronyms like these in reference to IT security. There are so many laws and organizations these days, it can be difficult for a person to know where to begin looking.
This blog post will help introduce you to the topic so you can consider what might apply to you.
There are three different categories of IT security acronyms you will typically see:
Some other examples of legal requirements are:
ISO is an abbreviation for the International Organization for Standardization. ISO is an international effort to come up with standardized terms and measurements for everything from timber sizes to laboratory glassware to fingerprint image data. One set of standards is ISO 27001, which details specific IT security requirements. TechGen is ISO 27001 certified, which means we have demonstrated that we meet those security standards.
Other examples of organizations that publish their own standards are:
Lots of organizations have their own list of security standards or certifications, which adds more acronyms to the mix. The SANS Institute offers GIAC or the “Global Information Assurance Certification.” ISACA publishes COBIT, which stands for “Control Objectives for Information and Related Technologies.” HITRUST regularly updates what they call the CSF or “Common Security Framework.” Some organizations use their name in their list of controls, such as CIS (the “Center for Internet Security”) which writes “CIS Controls” and “CIS Benchmarks.”
When it Comes to IT Security Acronyms, Do Your Research
When looking at IT certifications, it is important to look up what a company claims to have. A company that says they are “HITRUST Certified” is saying that an auditor has evaluated them and found they meet the CSF standards published by the HITRUST organization. That also means there is no such thing as “HIPAA Certified” because HIPAA is a law, not a list of standards or certification. A more accurate designation would be “HIPAA Compliant.”
If you are interested in increasing your level of IT security, you should research what organizations specialize in creating standards for your industry. Unlike some kinds of certifications, there is no “one size fits all” standard for technology, and there are multiple different ways to address a security problem. One sure-fire way to increase security is to utilize vendors that have their own IT certifications, that way you can trust a third party has evaluated their security.
Hopefully, this guide has given you a good start for where to begin your investigations into IT certifications. Thank you for reading, and have a secure day.