Cybersecurity — Understanding the Fundamentals II (Standards)

Document Types

To provide a clear understanding of policies, standards, procedures, and guidelines, we prepared a table for you. Knowing the differences between policies, standards, procedures, and guidelines makes it easier to understand the role that standards play in our lives.

Document Types

What are the Standards? Why Are They Important?

Standards form the fundamental building blocks for product development by establishing consistent protocols that can be universally understood and adopted. This fuels compatibility and interoperability, simplifies product development, and speeds time-to-market. Standards also make it easier to understand and compare competing products. As standards are globally adopted and applied in many markets, they also fuel international trade.

It is only through the use of standards that the requirements of interconnectivity and interoperability can be assured. It is only through the application of standards that the credibility of new products and new markets can be verified. In summary, standards fuel the development and implementation of technologies that influence and transform the way we live, work and communicate.

Cybersecurity Standards

ISO/IEC 27001 & 27002

ISO/IEC 27001 is an information security standard that is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

ISO/IEC 27001:2013 (Information technology — Security techniques — Information security management systems — Requirements)

ISO/IEC 27001:2013/COR 1:2014 (Information technology — Security techniques — Information security management systems — Requirements — Technical Corrigendum 1)

ISO/IEC 27001:2013/COR 2:2015 (Information technology — Security techniques — Information security management systems — Requirements — Technical Corrigendum 2)

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).

ISO/IEC 27002 gives guidelines for organizational information security standards and information security management practices including the selection, implementation, and management of controls taking into consideration the organization’s information security risk environment(s).

It is designed to be used by organizations that intend to:

  • select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  • implement commonly accepted information security controls;
  • develop their own information security management guidelines.

ISO/IEC 27002:2013 (Information technology — Security techniques — Code of practice for information security controls)

ISO/IEC 27002:2013/COR 1:2014 (Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 1)

ISO/IEC 27002:2013/COR 2:2015 (Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 2)

NIST Cybersecurity Framework

The NIST Cybersecurity Framework provides a policy framework of cybersecurity guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

NIST Cybersecurity Framework

ISO/IEC 15408 (Common Criteria)

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

ISO/IEC 15408 establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by the various parts of ISO/IEC 15408, which, taken as a whole, is meant to serve as the basis for evaluating the security properties of IT products.

ANSI/ISA 62443 (Formerly ISA-99)

ANSI/ISA 62443 is a series of standards, technical reports, and related information that define procedures for implementing secure Industrial Automation and Control Systems (IACS).

ISA-62443 Standard Series

ISA/IEC 62443

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission (IEC), provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACSs).

COBIT 5 Information Security Framework

COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats.

COBIT 5 Information Security Policy Set

In addition, PCI DSS, HIPAA, and GDPR play an important role in how your service implements its information security governance policies.

Ensar Seker