4. International Standards:
Cybersecurity standards are techniques, generally set forth in published materials, that
attempt to protect the cyber environment of a user or organization.
This environment includes users, networks, devices, all software, and information in
storage, applications, services, and systems that can be connected directly or indirectly to
networks.
The principal objective is to reduce the risks, including prevention or mitigation of
cyber-attacks.
ETSI's TC (Technical Committee) CYBER is responsible for the standardization of cyber
security internationally and for providing a center of relevant expertise for other ETSI
committees.
The committee is looking in particular at the security of infrastructures, devices, services
and protocols, as well as security tools and techniques to ensure security.
It offers security advice and guidance to users, manufacturers and network and
infrastructure operators.
Its standards are freely available on-line.
ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best
practice for an information security management system (ISMS). Accredited certification
to ISO 27001 demonstrates that an organization is following international information
security best practices.
• Information is power
• Expectations
• Measure policy compliance
• Assessing risk & security level
• Assessing potential damage
• Change management
When to audit?
• Emergency!
• Before prime time
• Scheduled/maintenance
Who
Risk assessment committee, co-chaired by a high-level administrator and the senior IT
staff member.
How to do an audit?
1. Asset Identification and Classification (Defining the Scope of Your Audit: Creating
Asset Lists)
3. Evaluation of Controls
Once assets, threats, and vulnerabilities have been identified, evaluate potential
countermeasures.
These should be thought of in terms of whether they prevent, detect, or respond to
attacks.
4. Analysis, Decision, and Documentation
The final step is to analyze your controls and then make decisions about which
ones you want to implement.
Begin with a cost-benefit analysis: estimate the cost of every suggested safeguard and
compare it with the risk it mitigates.
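As an added illustration of steps 1 to 4 (example code, not part of these notes), the following Python sketch models a small risk register: assets, threats, and candidate controls tagged prevent/detect/respond, with the cost-benefit decision made using annual loss expectancy (ALE), a quantitative method assumed here rather than named in the notes; every figure is constructed.

```python
from dataclasses import dataclass

@dataclass
class Asset:                  # step 1: asset list entry
    name: str
    value: float              # impact value if fully lost (currency units)

@dataclass
class Threat:                 # step 2: threat against an asset
    asset: str
    name: str
    exposure_factor: float    # fraction of asset value lost per incident (0..1)
    annual_rate: float        # expected incidents per year (ARO)

@dataclass
class Control:                # step 3: candidate countermeasure
    name: str
    asset: str
    kind: str                 # "prevent", "detect" or "respond"
    annual_cost: float
    ale_reduction: float      # fraction of the asset's ALE it removes (0..1)

def annual_loss_expectancy(asset, threat):
    """ALE = SLE * ARO, where SLE = asset value * exposure factor (assumed model)."""
    return asset.value * threat.exposure_factor * threat.annual_rate

def net_benefit(asset, threats, control):
    """Step 4 cost-benefit: yearly risk removed minus the safeguard's yearly cost."""
    ale = sum(annual_loss_expectancy(asset, t) for t in threats if t.asset == asset.name)
    return ale * control.ale_reduction - control.annual_cost

def select_controls(assets, threats, controls):
    """Controls with positive net benefit, mapped to that benefit."""
    by_name = {a.name: a for a in assets}
    scored = {c.name: net_benefit(by_name[c.asset], threats, c) for c in controls}
    return {name: nb for name, nb in scored.items() if nb > 0}

def coverage_gaps(assets, controls):
    """Assets lacking a prevent, detect or respond control: a finding to document."""
    gaps = {}
    for a in assets:
        kinds = {c.kind for c in controls if c.asset == a.name}
        missing = sorted({"prevent", "detect", "respond"} - kinds)
        if missing:
            gaps[a.name] = missing
    return gaps

# Constructed sample register (illustrative figures, not from the notes).
ASSETS = [Asset("customer-db", 500_000), Asset("public-website", 50_000)]
THREATS = [Threat("customer-db", "credential theft", 0.4, 0.5), Threat("public-website", "defacement", 0.1, 2.0)]
CONTROLS = [Control("MFA for DB admins", "customer-db", "prevent", 20_000, 0.8),
            Control("DB audit logging", "customer-db", "detect", 15_000, 0.1),
            Control("WAF", "public-website", "prevent", 12_000, 0.6)]
```

Running `select_controls(ASSETS, THREATS, CONTROLS)` keeps only the MFA control, while `coverage_gaps` shows that rejecting a control on cost alone can leave an asset with no detect or respond capability, which is exactly the kind of trade-off the documentation step should record.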
Audit Tools:
6. SSE-CMM / COBIT
Benefits of COBIT