Data is the new oil of the century. We generate and store more and more data, and managing information security and privacy has become both important and legally required. That is simple to say, but in reality we face many standards and regulations (ISO/IEC 27001:2013, COBIT 5 for information security, ISF Standard of Good Practices 2013, SANS 20 Critical Security Controls, PCI/DSS 3, AICPA Generally Accepted Privacy Principles, CSA Cloud Security Controls, NIST, ...), and it becomes difficult to get an overview of operational conformity and maturity.

We have published an article on this topic in the newsletter of Clusis, the Swiss association of information security. You can read the full article in French here.