Electronics (Review): Understanding Cybersecurity Frameworks and Information Security Standards - A Review and Comprehensive Overview
Abstract: Businesses are reliant on data to survive in the competitive market, and data is constantly in danger of loss or theft. Loss of valuable data leads to negative consequences for both individuals and organizations. Cybersecurity is the process of protecting sensitive data from damage or theft. To successfully achieve the objectives of implementing cybersecurity at different levels, a range of procedures and standards should be followed. Cybersecurity standards determine the requirements that an organization should follow to achieve cybersecurity objectives and facilitate against cybercrimes. Cybersecurity standards demonstrate whether an information system can meet security requirements through a range of best practices and procedures. A range of standards has been established by various organizations to be employed in information systems of different sizes and types. However, it is challenging for businesses to adopt the standard that is the most appropriate based on their cybersecurity demands. Reviewing the experiences of other businesses in the industry helps organizations to adopt the most relevant cybersecurity standards and frameworks. This study presents a narrative review of the most frequently used cybersecurity standards and frameworks based on existing papers in the cybersecurity field and applications of these cybersecurity standards and frameworks in various fields to help organizations select the cybersecurity standard or framework that best fits their cybersecurity requirements.
1. Introduction
A standard is described as an ideal condition with a minimum achievement limit. It also refers to technical specifications that are required to be applied by a service facility to enable service users to acquire the maximum function, purpose, or profit from the services. Many international organizations, associations, and consortia have a vital role in the development of standards. According to standards.org.au, standards are represented as documents which define specifications, procedures, and guidelines, aiming to ensure safety, consistency, and reliability of products, services, and systems. Moreover, based on the provided definition by ISO and IEC, standards are documents or rules made based on a general agreement and validated by a legal entity, which help to achieve optimal results, as a guideline, model, or sample, in a particular context. A standard practically meets user demands, considers the limitations of technology and resources, and also meets the verification requirements.
The term "standard" most commonly refers to documents established by professional bodies for use by other organizations (e.g., technical standards, program standards), or to standards of technical practice (e.g., practical cybersecurity standards).
The sets of practices or technical methods that help organizations secure their cyber environment are referred to as cybersecurity standards. Cybersecurity standards cover users, network infrastructure, software, hardware, processes, and information on system storage media that can be connected to the Internet. The scope of cybersecurity standards is broad: it ranges from security features in applications and cryptographic algorithms to security controls, processes, procedures, guidelines, and baselines. Security experts recommend implementing cybersecurity standards as an essential element, consisting of a collection of best practices, to protect organizations from cybersecurity threats and risks.
The main aim of cybersecurity standards is to prevent or mitigate cyberattacks and reduce the risk of cyber threats. Implementing standards brings benefits in saving time, decreasing costs, increasing profits, improving user awareness, minimizing risks, and supporting business continuity. Additionally, using standards facilitates an organization's compliance with industry best practices and procedures and makes it possible to compare a security system against an international benchmark. Hence, cybersecurity standards have been applied in different organizations and businesses to protect assets against cyber threats. As a result, different cybersecurity standards have been developed by various organizations to ensure that organizations of different sizes and natures implement appropriate measures to prevent and mitigate cyber threats. However, since a considerable number of standards have been developed to cover different aspects of cybersecurity in various organizations, it may be challenging for business owners to choose the standard that best matches their business.
This study aims to provide an overview of the most frequently used cybersecurity standards based on existing papers in the cybersecurity field, clarifying their features and applications in different industries. A wide range of cybersecurity standards and frameworks are available to ensure the protection of data in different industries; however, this review paper aims to provide a comparative concept regarding cybersecurity standards and frameworks and facilitate the selection of the most appropriate cybersecurity standards and frameworks. This paper can be also helpful for academic purposes to determine the direction of further studies in this field.
In the first section, an overview of the most common cybersecurity standards and frameworks is provided. Then, a narrative literature review is presented, based on extracting and analyzing seventeen papers about cybersecurity standards published between 2000 and 2022, considering the aim of each study, the main findings of the research, the relevant industry, and the standards employed. Finally, a concluding discussion clarifies the contribution of different standards for specific purposes.