Security Frameworks & Compliance Expertise

I have extensive experience implementing and maintaining compliance with various security frameworks and regulations. My expertise helps organizations establish robust security postures and meet regulatory requirements.

ASD Essential Eight

The Australian Signals Directorate's Essential Eight is a prioritized list of mitigation strategies to assist organizations in protecting their systems against cyber threats.

Key Components:

Application Control
Patch Applications
Configure Microsoft Office Macro Settings
User Application Hardening
Restrict Administrative Privileges
Patch Operating Systems
Multi-factor Authentication
Regular Backups

ISO/IEC 27001

ISO/IEC 27001 is an international standard for information security management systems (ISMS), providing a systematic approach to managing sensitive company information.

Key Components:

Information Security Policies
Organization of Information Security
Human Resource Security
Asset Management
Access Control
Cryptography
Physical and Environmental Security
Operations Security
Communications Security
System Acquisition, Development and Maintenance

NIST CSF

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.

Key Components:

Identify
Protect
Detect
Respond
Recover

APPs

The Australian Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988, setting out how personal information should be handled.

Key Components:

Open and Transparent Management of Personal Information
Anonymity and Pseudonymity
Collection of Solicited Personal Information
Dealing with Unsolicited Personal Information
Notification of the Collection of Personal Information
Use or Disclosure of Personal Information
Direct Marketing
Cross-border Disclosure of Personal Information

GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.

Key Components:

Lawfulness, Fairness and Transparency
Purpose Limitation
Data Minimization
Accuracy
Storage Limitation
Integrity and Confidentiality
Accountability
Data Subject Rights

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

Key Components:

Build and Maintain a Secure Network
Protect Cardholder Data
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a US law designed to provide privacy standards to protect patients' medical records and other health information.

Key Components:

Privacy Rule
Security Rule
Breach Notification Rule
Enforcement Rule
Omnibus Rule

CIS Controls (v8)

The Center for Internet Security (CIS) Controls are a prioritized set of actions that collectively form a defense-in-depth set of best practices to mitigate the most common attacks against systems and networks.

Key Components:

Basic CIS Controls
Foundational CIS Controls
Organizational CIS Controls
Implementation Groups

SOC 2

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data.

Key Components:

Security
Availability
Processing Integrity
Confidentiality
Privacy