Cyber and Information Security Standards Sources

Here is a list of the significant cyber and information security standards organizations. It is not exhaustive, as many governments now offer cyber and information security portals to raise awareness of cyber threats, crimes, and dangers, so have a look at what your government provides.

These sites should be at the front of your digital Rolodex. These organizations publish materials that will help you protect your cyber and information environments, and they are a good starting point for finding the right content in your proactive security knowledge quest.

The International Organization for Standardization (ISO) is a consortium of national standards institutes from 157 countries, coordinated through a secretariat in Geneva, Switzerland. ISO is the world’s largest developer of standards. Here is a concise list:

  • ISO 15443: Information Technology – Security Techniques – A Framework for IT Security Assurance
  • ISO 20000: Information Technology – Service Management
  • ISO/IEC 22301: Societal Security – Business Continuity Management Systems – Requirements
  • ISO/IEC 27001: Information Technology – Security Techniques – Information Security Management Systems – Requirements
  • ISO/IEC 27002: Information Technology – Security Techniques – Code of Practice for Information Security Management
  • ISO/IEC 27031: Guidelines for Information and Communication Technology Readiness for Business Continuity
  • ISO/IEC 27032: Information Technology – Security Techniques – Guidelines for Cybersecurity
  • ISO/IEC 27035: Information Security Incident Management

The entire ISO/IEC 27000 series is of great interest to those who aim to be proactive in their cyber and information security endeavours.

ISO website: www.iso.org

The US National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. The NIST Computer Security Division develops standards, metrics, tests and validation programs, and publishes rules and guidelines to improve the security of IT planning, implementation, management and operation. NIST is also the custodian of the U.S. Federal Information Processing Standards (FIPS) publications. NIST's most useful work is its Special Publication (SP) 800 and 1800 series. The SP 1800 series documents present practical, usable cybersecurity solutions to the cybersecurity community; these solutions demonstrate how to apply standards-based approaches and best practices. Each SP 1800 document maps capabilities to the Cybersecurity Framework and outlines the steps another entity or organization needs to recreate an example solution. The SP 800 series presents information of interest to the computer security community: guidelines, recommendations, technical specifications, and annual reports of NIST's cybersecurity activities.

NIST website: nist.gov
FIPS webpage: https://www.nist.gov/itl/itl-publications/federal-information-processing-standards-fips
Special Publication (SP) 800 series webpage: https://www.nist.gov/itl/nist-special-publication-800-series-general-information
Special Publication (SP) 1800 series webpage: https://www.nist.gov/itl/nist-special-publication-1800-series-general-information

The Internet Society (ISOC) is a professional membership society with more than 100 organizational and over 20,000 individual members in over 180 countries. It provides leadership in addressing issues that confront the future of the internet, and it is the organizational home for the groups responsible for Internet infrastructure standards, including the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB). ISOC hosts the Requests for Comments (RFCs), which include the Official Internet Protocol Standards and RFC 2196, the Site Security Handbook.

Internet Society website: http://www.internetsociety.org/
IETF website: https://www.ietf.org/
Site Security Handbook, RFC 2196
Users’ Security Handbook, RFC 2504

The Information Security Forum (ISF) is a global nonprofit organization of several hundred leading organizations in financial services, manufacturing, telecommunications, consumer goods, government, and other areas. It researches information security practices and offers advice in its biannual Standard of Good Practice and more detailed advisories for members.

ISF website: http://www.securityforum.org/
The Standard of Good Practice for Information Security 2018 webpage: https://www.securityforum.org/tool/the-isf-standard-good-practice-information-security-2018/

The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) publishes the BSI-Standards 100-1 to 100-4, a set of recommendations covering “methods, processes, procedures, approaches and measures relating to information security.” BSI-Standard 100-2, the IT-Grundschutz Methodology, describes how information security management can be implemented and operated. The standard is accompanied by a detailed guide, the IT Baseline Protection Catalogues (also known as the IT-Grundschutz Catalogues), a collection of documents useful for detecting and remedying security-relevant weak points in an IT environment (IT cluster). As of September 2013, the collection encompasses over 4,400 pages, including the introduction and catalogues. The IT-Grundschutz approach aligns with the ISO/IEC 2700x family.

BSI website: https://www.bsi.bund.de/EN/TheBSI/thebsi_node.html
Technical Publications download page: https://www.bsi.bund.de/EN/Service/Downloads/downloads_node.html

The European Telecommunications Standards Institute (ETSI) is an independent, not-for-profit standardization organization for the telecommunications industry (equipment makers and network operators) in Europe, headquartered in Sophia-Antipolis, France, with worldwide reach. ETSI produces globally applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and internet technologies. ETSI has standardized a catalogue of Information Security Indicators (ISI), led by the Industry Specification Group (ISG) ISI.

ETSI website: https://www.etsi.org/
ETSI ISI webpage: https://www.etsi.org/technologies-clusters/technologies/information-security-indicators

Here is a list of some government websites related to cyber and information security:

Also, you will find that there are dozens of organizations offering cyber and information security qualification frameworks; for an overview, have a look here: https://en.wikipedia.org/wiki/List_of_computer_security_certifications.