Over a period of time, there have been many security standards developed that have lead to organizations being able to increase their level of security and preventing because of which the organizations are becoming more capable of safely practicing security techniques. These standards are termed as cyber security standards and are meant to minimize the chance of successful attacks on organizations and increase their cyber security. In these guides, a general outline of cyber security is given along with the specific techniques that should be implemented. There are certain standards for which an accredited body can grant a cyber-security certification. With cyber security certification one gets many advantages and one of them is benefits in terms of cyber security insurance.
Nowadays a lot of sensitive and critical information is stored on networks, clouds and computers and this is one of the reasons behind the creation of these standards. Different cyber security standards are:
- ISO/ IEC 27002: This calls for assurance and security of the information. A part of the security management practice is given in the ISO/ IEC 27002. It is also known as BS7799. It serves as a guide for good cyber security management. This is a very high level explanatory guide. This standard emphasizes that confidentiality, integrity and availability characterize the information security. It consists of 11 control areas namely:
- Security policy
- Organizing information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations
- Access controls
- Information systems acquisition, development and maintenance
- Incident handling
- Business continuity management
- compliance
- ISO/ IEC 27001: This is a part of the BS7799 standard which offers guidance on framework for certification or we can say that the part 2 of this standard has been replaced by ISO/ IEC 27001 standard. This standard is backward compatible so that any organization using BS7799 part 2 faces no problem in implementing this. This framework is a management system that is used in implementation of the control objectives ISO 27002 that are incorporated in to ISO 27001.
- SoGP (standard of good practice): This standard is essentially a list of best information security practices published by ISF i.e., the information security forum. It also provides a comprehensive SoGP benchmark program.
- NERC (north American electric reliability corporation) offers many standards such as NERC 1300, NERC 1200, CIP – 002 – 1 to provide security to the bulk electric systems.
- NIST: Has provided the following standards:
- 800 – 12: Overview of the computer security along with control areas, importance of these controls, ways of implementation.
- 800 – 14: Lists most common security principles that are followed everywhere, description of computer security policy, suggestions for improvement and development of new practices.
- 800 – 26: Offers advice for the management of IT security, risk assessments and self-assessments.
- 800 – 37: Introduced a new approach for the application of risk management framework for the federal information systems.
- 800 – 53: It provided a guide for the assessment of the security controls for the federal information systems.
- ISO 15408: The common criteria are developed by this standard. it permits a number of software applications for integration and testing.
- RFC 2196: This is more like a memorandum about the development of security procedures and policies for the information systems that are connected through internet.
- ISA/ IEC – 62443: It provides all the related information such as standards and technical reports for defining the implementation of the control systems especially IACS (industrial automation and control system). The guidance is also for security practitioners, end users, control system manufacturers and so on.
Nowadays a lot of sensitive and critical information is stored on networks, clouds and computers and this is one of the reasons behind the creation of these standards. Different cyber security standards are:
- ISO/ IEC 27002: This calls for assurance and security of the information. A part of the security management practice is given in the ISO/ IEC 27002. It is also known as BS7799. It serves as a guide for good cyber security management. This is a very high level explanatory guide. This standard emphasizes that confidentiality, integrity and availability characterize the information security. It consists of 11 control areas namely:
- Security policy
- Organizing information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations
- Access controls
- Information systems acquisition, development and maintenance
- Incident handling
- Business continuity management
- compliance
- ISO/ IEC 27001: This is a part of the BS7799 standard which offers guidance on framework for certification or we can say that the part 2 of this standard has been replaced by ISO/ IEC 27001 standard. This standard is backward compatible so that any organization using BS7799 part 2 faces no problem in implementing this. This framework is a management system that is used in implementation of the control objectives ISO 27002 that are incorporated in to ISO 27001.
- SoGP (standard of good practice): This standard is essentially a list of best information security practices published by ISF i.e., the information security forum. It also provides a comprehensive SoGP benchmark program.
- NERC (north American electric reliability corporation) offers many standards such as NERC 1300, NERC 1200, CIP – 002 – 1 to provide security to the bulk electric systems.
- NIST: Has provided the following standards:
- 800 – 12: Overview of the computer security along with control areas, importance of these controls, ways of implementation.
- 800 – 14: Lists most common security principles that are followed everywhere, description of computer security policy, suggestions for improvement and development of new practices.
- 800 – 26: Offers advice for the management of IT security, risk assessments and self-assessments.
- 800 – 37: Introduced a new approach for the application of risk management framework for the federal information systems.
- 800 – 53: It provided a guide for the assessment of the security controls for the federal information systems.
- ISO 15408: The common criteria are developed by this standard. it permits a number of software applications for integration and testing.
- RFC 2196: This is more like a memorandum about the development of security procedures and policies for the information systems that are connected through internet.
- ISA/ IEC – 62443: It provides all the related information such as standards and technical reports for defining the implementation of the control systems especially IACS (industrial automation and control system). The guidance is also for security practitioners, end users, control system manufacturers and so on.
No comments:
Post a Comment