What are Security Standards?

A security standard is "a published specification that establishes a common language, contains a technical specification or other precise criteria, and is designed to be used consistently, as a rule, a guideline, or a definition." The goal of security standards is to improve the security of information technology (IT) systems, networks, and critical infrastructures.

Security standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This section describes each standard that is usually recognised as an essential component of a cybersecurity strategy.

A standard may take the form of methods, guidelines, reference frameworks, and so on. Standardisation ensures effective security, facilitates integration and interoperability, enables meaningful comparison of security measures, reduces complexity, and provides a structure for new developments.

Most Commonly Used Standards

  • ISO/IEC 27001 and 27002: ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard. ISO/IEC 27001 formally specifies a management system intended to bring information security under explicit management control and is the part of the family against which an organisation can be certified. ISO/IEC 27002 is a code of practice listing security controls and implementation guidance; it originated mainly from part 1 of the BS 7799 good security management practice standard, while ISO/IEC 27001 descends from BS 7799-2. The latest version of BS 7799 is BS 7799-3, and the current editions of ISO/IEC 27001 and 27002 were published in 2022.
  • NERC: An initial attempt to create information security standards for the electrical power industry was made by NERC in 2003 and was known as NERC CSS (Cyber Security Standards).[8] After the CSS guidelines, NERC evolved and enhanced those requirements, first as Urgent Action Standard 1200 and then as Standard 1300, a modification/update of 1200. NERC 1300 in turn became the NERC CIP (Critical Infrastructure Protection) standards, which are the NERC security standards in force today and are mandatory and enforceable for registered entities in the North American bulk electric system.
  • NIST: The NIST Cybersecurity Framework (NIST CSF) "provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes." The taxonomy is organised into core functions (Identify, Protect, Detect, Respond, Recover, with Govern added in CSF 2.0). It is intended to help private-sector organisations that operate critical infrastructure protect it, while maintaining appropriate protections for privacy and civil liberties.
  • ISO/IEC 15408: This standard defines what is called the "Common Criteria" for Information Technology Security Evaluation. It provides a framework in which security requirements for hardware and software products are specified (in Protection Profiles and Security Targets) and independently evaluated to a defined Evaluation Assurance Level (EAL1 to EAL7), so that products from different vendors can be compared and combined with a known level of assurance.
  • IEC 62443: The IEC 62443 cybersecurity standards are multi-industry standards listing cybersecurity protection methods and techniques for industrial automation and control systems. These documents result from the IEC standards creation process, in which ANSI/ISA-62443 proposals and other inputs are submitted to national committees, where review is completed and comments on the proposed changes are raised. These comments are then reviewed by the relevant IEC 62443 committees, where they are discussed and changes are agreed.
  • ANSI/ISA 62443 (formerly ISA-99): ANSI/ISA 62443 is a series of standards, technical reports, and related information that define procedures for implementing secure Industrial Automation and Control Systems (IACS).

Looking for Security Standards Services?