March Madness - Security Frameworks Sweet Sixteen

**Updated 3/25 with final bracket results**

We are excited to announce that NIST CSF won the K logix March Madness Sweet Sixteen! After hundreds of votes from the security community, NIST came out on top after five days of voting. Here are the final results:

Sweet Sixteen Final Results



We want to hear from the security community – who is the winner when it comes to frameworks, standards, and regulations to follow?

Starting March 18th, vote on K logix’s LinkedIn page daily, or fill out our poll below. Once we have narrowed to a top 4 (1 winner from each day), we will vote to determine an overall #1 winner.

Which framework/regulation do you find the most valuable? Which has the biggest impact on your program? Which does your security program rely on the most? Take these questions into consideration when voting and let us know!

Bracket 1:

  • NIST CSF: Helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data *Day 1 Winner*
  • Gramm-Leach-Bliley Act: Requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data
  • ISO 27001: Provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system
  • NIST 800-171: Protects controlled unclassified information in nonfederal systems and organizations

Bracket 2:

  • SOC 2: Voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data *Day 2 Winner*
  • HIPAA: A federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge
  • SEC: Its primary purpose is to enforce the law against market manipulation
  • NIST 800-161: Supply chain risk management practices for federal information systems and organizations

Bracket 3:

  • GDPR: European Union regulation on information privacy in the European Union and the European Economic Area *Day 3 Winner*
  • COBIT: Created by ISACA to bridge the crucial gap between technical issues, business risks and control requirements
  • NYS-DFS: Aims to reform the regulation of financial services in New York to keep pace with the rapid and dynamic evolution of these industries, to guard against financial crises, and to protect consumers and markets from fraud
  • CSA Cloud Control Matrix: Cybersecurity control framework for cloud computing

Bracket 4:

  • PCI: Applies to all the various organizations responsible for storing, processing, and transmitting cardholder data
  • NIST 800-53: Set of recommended security and privacy controls for federal information systems and organizations to help meet the Federal Information Security Management Act (FISMA) requirements
  • HITRUST: Helps organizations from all sectors–but especially healthcare–effectively manage data, information risk, and compliance
  • CIS Controls: A prioritized set of actions for cybersecurity that form a defense-in-depth set of specific and actionable best practices to mitigate the most common cyber attacks *Day 4 Winner*
