What are cybersecurity standards and what their important for information security?
Cybersecurity standards are defined as a critical component through which the direction prescribed in an organization’s cybersecurity strategy and policies are translated and modeled into practical and measurable benchmarks. And it describes what must be achieved in terms of security goals in order to realizing an organization’s stated cybersecurity objectives and business requirements. Moreover, cybersecurity standards should be described in ensuing plans and operational measures that are designed and developed to implement the standard at a given point in time to protect organizational assets.
Organizations should identify mandatory cybersecurity objectives and security controls in which it must comply and build it into the organization’s cybersecurity frameworks. Furthermore, companies should establish cybersecurity standards to properly protect their information and information systems. However, enterprises should not attempt to develop and build the standards from scratch; rather they should rely on existing security standards and map it to suit their requirements. And it represents the crucial method through which an organization attempts to ensure that their cybersecurity strategies and policies are established in a consisten and measurable approach in a day-to-day security operations.
Adoption of cybersecurity standards requires support from senior management, and investment mainly that is dependent in revue on security investment (ROSI).
Common cybersecurity standards inlcude the following:
- COBIT 5
- OCTAVE
- ISO/IEC Sandards (ISO/IEC 27000 series)
- Payment card industry data security standard (PCI DSS)
- Health insurance portability and accountability act (HIPAA)
- General data protection regulation (GDPR)
- ITIL
- NIST SP 800-53
- NIST CSF
- More