Standards

Manage multiple regulatory compliance frameworks and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.


7 Security Challenges Most SaaS Businesses Come Across

Placing data on the cloud always sounds like a great idea – many big companies are doing it and there seems to be endless space. However, like any other online platform, there are security issues to be addressed for a SaaS business. SaaS security issues could range anywhere from data…

NIST 800-82

What is the NIST SP 800-82 Framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed guidance on how to protect Industrial Control Systems (ICS), which are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and…

NIST 800-207 (Zero Trust)

What is the Zero Trust Model? Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations shouldn’t give immediate trust to any internal or external source, and must always examine and uphold…

HECVAT

What is HECVAT? The Higher Education Community Vendor Assessment Toolkit (HECVAT) is a risk assessment template that was created in 2016 specifically for higher education institutions to assess vendor risk. HECVAT was created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group, in collaboration with Internet2 and…

SIG

What is the SIG Framework? The Standardized Information Gathering (SIG) questionnaire is used to conduct an initial evaluation of suppliers, gathering information to determine how security risks are managed based on 18 individual risk controls. It is a comprehensive risk assessment framework for cybersecurity, privacy, data security, IT and business…

NIST SP 800-53

What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as well as to ensure the security of citizens’ private data. It applies to any federal organization (except national security agencies) and,…

COSO

What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. In 1992, COSO developed the Internal Control-Integrated Framework, a model…

NIST 800-46

What is the NIST 800-46 Framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. The NIST 800-46 framework assists companies of all sizes, sectors and industries in safeguarding their IT systems and…

COBIT 5

What is COBIT 5? COBIT is an IT management framework created by ISACA (Information Systems Audit and Control Association), which helps organizations achieve their goals for the governance and management of enterprise information and technology (IT) resources. COBIT 5’s most recent version was released in 2012. Simply put, COBIT 5 enables…

ICDM

What is the ICDM Framework? The Israeli Cyber Defense Methodology (ICDM), also known as the Corporate Defense Methodology, is part of the National Defense Concept, which includes a variety of levels of security for the Israeli economy and organizational continuity. This methodology has been developed by the Israel National Cyber Directorate…

ASVS

What is the ASVS Standard? The Open Web Application Security Project (OWASP) is a non-profit international organization dedicated to improving the security of web applications. All of OWASP’s resources are freely accessible and easy to find on its website, enabling any company to enhance and develop the security and protection…

MITRE ATT&CK

MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. The basis for MITRE ATT&CK came from Lockheed Martin’s Cyber Kill Chain. The framework aims to compile a detailed list…

ISO 27001

What is the ISO/IEC Standard? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard, which replaces the BS7799-2 standard, is internationally accepted as a specification for an Information Security Management System (ISMS). It is one of the most widely used information security principles…

CIS Controls

What are the CIS Controls? The CIS Critical Security Controls (CSC) are published by the Center for Internet Security (CIS) to assist organizations in better defending against well-known threats by converting critical security concepts into executable controls in order to reach a more comprehensive overall cybersecurity defensive strategy. The most…

CSA

What is the CSA? The Cloud Security Alliance (CSA) is an organization committed to securing cloud computing environments by sharing best practices and raising awareness of the risks involved. CSA draws on the subject-matter expertise of industry experts to provide cloud security-specific research, products and education. The CSA Security Trust…

NIST CSF

What is NIST CSF? The NIST Cybersecurity Framework, also known as the NIST CSF, enhances Critical Infrastructure Cybersecurity by providing a mechanism for evaluating and enhancing the capacity of private and public sector entities that own, operate, or supply critical infrastructure to avoid, track, and react to cyber incidents. Based…