Benchmarks, Standards, Frameworks and Regulations: What’s the Difference?
The majority of IT security guidance to industry can be placed into one of four categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice drawn from experience, pooled knowledge and recognized authorities (best practices) that have proven effective. Each offers in-depth guidance on how to apply security controls, how to build an effective security program and how to measure the return on security investments.
The challenge is how to navigate the myriad source materials, identify the most salient and effective components of each document, and then use that information to build the most effective security program for the organization.
Tripwire offers this comparison of the Payment Card Industry Data Security Standard (PCI DSS) and the Center for Internet Security (CIS) Controls to help you and your organization understand the benefits and value of each, and to help you take advantage of them within your organization.