Security Frameworks

Solutionary Managed Security Services and Security Consulting Services help organizations satisfy both common security frameworks and specific compliance requirements.

Some standards lack specific technical detail and guidance, but provide an overall program structure and the security management guidance that is necessary to implement and maintain an effective security program. Assessing, executing, monitoring and auditing security programs against existing, proven security frameworks can strengthen security posture and support compliance with multiple regulations. Common security frameworks include ISO, COBIT, COSO and HITRUST CSF.

ISO/IEC 27002:2005
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) provide best practice recommendations on information security management and program elements. ISO defines the broadest structure of an effective overall program, supporting information security as a systems issue that includes technology, practice, and people, and describes the need for a formal security program.

COBIT
The Control Objectives for Information and related Technology (COBIT) is a set of best practices for IT management. COBIT focuses on defining program and management control functions. It is designed to help ensure IT programs are implemented and managed effectively so that the organization's investment in technology is used efficiently. While not specifically a security standard, strong COBIT compliance typically indicates a higher quality of control over the internal practices that support an effective security infrastructure, as well as sound business practice.

COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defined the control objectives in its Internal Control – Integrated Framework, a widely accepted control framework for enterprise governance and risk management, and for similar compliance frameworks. COSO defines a set of business, management and security-relevant controls that can be used to demonstrate good business practice controls and to show compliance with Sarbanes-Oxley requirements.

HITRUST CSF
Developed in collaboration with healthcare and information security professionals, the Common Security Framework (CSF) is the first IT security framework developed specifically for healthcare information.

The HITRUST CSF:

  • Leverages existing, globally recognized standards, including HIPAA, NIST, ISO, PCI, FTC and COBIT
  • Scales according to type, size and complexity of an implementing organization
  • Provides prescriptive requirements to ensure clarity
  • Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds
  • Allows for the adoption of alternate controls when necessary
  • Evolves according to user input and changing conditions in the healthcare industry and regulatory environment

Solutionary is a HITRUST Common Security Framework (CSF) Assessor. This means that Solutionary is able to deliver healthcare certification work, including readiness assessments and the remediation associated with the CSF. In addition to the organizational certification, Solutionary has a team of security professionals certified as CSF Practitioners for effective and efficient implementation of the CSF.

Compliance Activities, Solutionary Services and Capabilities, and Regulatory Mapping

Assess & Measure Gaps
  • Solutionary services and capabilities: Security Consulting Services
  • Regulatory mapping: ISO/IEC 27001/2-2005; COBIT 4.1; COSO from COBIT 4.1; HITRUST CSF

Remediation & Enhancement
  • Solutionary services and capabilities: Security Consulting Services; Certified HITRUST CSF Practitioners; Authorized partner consulting services
  • Regulatory mapping: ISO/IEC 27001/2-2005; 87 COBIT controls with technical and security requirements; 144 COSO controls with technical and security requirements

Execute & Monitor Security Program
  • Solutionary services and capabilities: Log Management; Log Monitoring; Vulnerability Management; Security Device Management; UTM for ISO, COBIT, COSO; Endpoint Device Management; Authorized partner consulting services
  • Regulatory mapping: 152 of 191 ISO security controls; 40 COBIT controls with technical and security requirements; 59 COSO controls with technical and security requirements; 77 of 136 HITRUST CSF security specifications

Demonstrate Compliance
  • Solutionary services and capabilities: ActiveGuard Evidence Log Vault; ActiveGuard Security Compliance Reporting
  • Regulatory mapping: 33 ISO security controls with auditing and reporting requirements; 23 COBIT controls with auditing and reporting requirements; 23 COSO controls with auditing and reporting requirements; 42 CSF security specifications with auditing and reporting requirements
