Cybersecurity — Understanding the Fundamentals II (Standards)

Policies, Standards, Procedures, and Guidelines

[Figure: Document Types]

What Are Standards? Why Are They Important?

Standards form the fundamental building blocks for product development by establishing consistent protocols that can be universally understood and adopted. This fuels compatibility and interoperability, simplifies product development, and speeds time-to-market. Standards also make it easier to understand and compare competing products. As standards are globally adopted and applied in many markets, they also fuel international trade.

Cybersecurity Standards

ISO/IEC 27001 & 27002

ISO/IEC 27001 is an information security standard that is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

  • implement commonly accepted information security controls;
  • develop their own information security management guidelines.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework provides a policy framework of cybersecurity guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

[Figure: NIST Cybersecurity Framework]

ISO/IEC 15408 (Common Criteria)

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

ANSI/ISA 62443 (Formerly ISA-99)

ANSI/ISA 62443 is a series of standards, technical reports, and related information that define procedures for implementing secure Industrial Automation and Control Systems (IACS).

[Figure: ISA-62443 Standard Series]

ISA/IEC 62443

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs).

COBIT 5 Information Security Framework

COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats.

[Figure: COBIT 5 Information Security Policy Set]
