Cybersecurity — Understanding the Fundamentals II (Standards)

Document Types

To make the differences between policies, standards, procedures, and guidelines clear, we prepared the table below. Knowing how these document types differ is what makes the role of standards understandable: a policy states management's intent and is mandatory, a standard specifies the mandatory requirements that implement a policy, a procedure gives step-by-step instructions for carrying out a standard, and a guideline is a recommended practice that is not compulsory.

Document Types

What are the Standards? Why Are They Important?

Standards form the fundamental building blocks for product development by establishing consistent protocols that can be universally understood and adopted. This fuels compatibility and interoperability, simplifies product development, and speeds time-to-market. Standards also make it easier to understand and compare competing products, and because they are adopted globally and applied in many markets, they also fuel international trade.

It is only through the use of standards that interconnectivity and interoperability can be assured, and only through their application that the credibility of new products and new markets can be verified. In summary, standards fuel the development and implementation of technologies that influence and transform the way we live, work and communicate.

Cybersecurity Standards

ISO/IEC 27001 & 27002

ISO/IEC 27001 is an information security standard that is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. It is the only standard in the 27000 family against which an organization can be certified.

ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements)

ISO/IEC 27001:2013/COR 1:2014 (Information technology — Security techniques — Information security management systems — Requirements — Technical Corrigendum 1)

ISO/IEC 27001:2013/COR 2:2015 (Information technology — Security techniques — Information security management systems — Requirements — Technical Corrigendum 2)

ISO/IEC 27002 is a companion information security standard published by ISO and IEC. Unlike 27001 it is guidance, not a certifiable requirements document.

ISO/IEC 27002 gives guidelines for organizational information security standards and information security management practices, including the selection, implementation, and management of controls, taking into consideration the organization's information security risk environment(s). The controls it describes are the same ones listed in Annex A of ISO/IEC 27001.

It is designed to be used by organizations that intend to:

  • select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  • implement commonly accepted information security controls;
  • develop their own information security management guidelines.

ISO/IEC 27002:2013 (Information technology — Security techniques — Code of practice for information security controls)

ISO/IEC 27002:2013/COR 1:2014 (Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 1)

ISO/IEC 27002:2013/COR 2:2015 (Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 2)

Note that both standards have since been revised: ISO/IEC 27002:2022 (retitled Information security, cybersecurity and privacy protection — Information security controls) reorganizes the controls into four themes (organizational, people, physical, technological), and ISO/IEC 27001:2022 aligns Annex A with it.

NIST Cybersecurity Framework

The NIST Cybersecurity Framework is voluntary guidance, originally written for US critical-infrastructure operators and now widely used by private-sector organizations, for assessing and improving their ability to manage cybersecurity risk. Its Core is organized around five functions: Identify, Protect, Detect, Respond, and Recover. Unlike ISO/IEC 27001 it is not a certification scheme; organizations use it to profile their current and target state against the functions and their categories.

NIST Cybersecurity Framework

ISO/IEC 15408 (Common Criteria)

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

ISO/IEC 15408 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by the various parts of ISO/IEC 15408, which in its entirety is meant to be used as the basis for evaluating the security properties of IT products. A product is evaluated against the claims in its Security Target (often based on a Protection Profile), and the depth of that evaluation is expressed as an Evaluation Assurance Level from EAL1 to EAL7. A certificate therefore attests to the evaluated configuration and claimed functionality, not to the product being secure in every deployment.

ISA/IEC 62443 (Formerly ISA-99)

ISA/IEC 62443 is a series of standards, technical reports, and related information that define requirements and processes for implementing and maintaining secure Industrial Automation and Control Systems (IACS). It was developed by the ISA99 committee, published in the US as ANSI/ISA-62443, and adopted internationally by the International Electrotechnical Commission (IEC).

ISA-62443 Standard Series

The series provides a flexible framework to address and mitigate current and future security vulnerabilities in IACSs. It is split into parts aimed at asset owners, system integrators, and product suppliers, and it introduces the concepts of zones and conduits for segmenting a plant network and of Security Levels (SL 0 to SL 4) for stating how capable an attacker a zone or component is expected to resist.

COBIT 5 Information Security Framework

COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness of emerging technologies and the accompanying threats. COBIT is a governance framework rather than a control catalogue, so in practice it is used to direct and measure programs built on standards such as ISO/IEC 27001. ISACA has since superseded COBIT 5 with COBIT 2019.

COBIT 5 Information Security Policy Set

In addition, PCI DSS, HIPAA, and GDPR play an important role in how your service executes its information security governance policies. These are not voluntary standards in the sense above: PCI DSS is a contractual requirement imposed by the card brands on anyone that stores, processes or transmits payment card data, HIPAA is US law governing protected health information, and GDPR is EU regulation on personal data. They dictate which controls are mandatory for your organization, while the standards described above tell you how to implement and manage them.

Ensar Seker