Standards & Frameworks

Become familiar with the most important and current cyber security standards and frameworks available in the market.
ISO/IEC 27001:2022

ISO/IEC 27001:2022 is an international security standard that specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within an organisation.

The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then most recently revised in 2022.

International Organization for Standardization, ISO

ISO/IEC 27002:2022

ISO/IEC 27002:2022 is an international security standard that provides guidelines for organisational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organisation’s information security risk environment.

International Organization for Standardization, ISO

ISO/IEC 27017:2015

ISO/IEC 27017:2015 is an international security standard that provides guidelines for information security controls applicable to the provision and use of cloud services by both cloud service providers and cloud service customers.

International Organization for Standardization, ISO

ISO/IEC 27034:2011

ISO/IEC 27034:2011 is an international security standard that provides guidance to assist organisations in integrating security into the processes used for managing their applications.

It introduces definitions, concepts, principles and processes involved in application security.

The standard is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.

International Organization for Standardization, ISO

ISO/IEC 27031:2011

ISO/IEC 27031:2011 is an international standard that describes the concepts and principles of information and communication technology (ICT) readiness for business continuity and provides a framework of methods and processes to identify and specify all aspects (i.e. performance criteria, design, and implementation) for improving an organisation’s ICT readiness to ensure business continuity.

It encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems.

ISO/IEC 27032:2012

ISO/IEC 27032:2012 is an international standard that provides guidance for improving the state of cyber security, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular:

Information Security, Network Security, Internet Security, and Critical Information Infrastructure Protection (CIIP).

International Organization for Standardization, ISO

ISO/IEC 27701:2019

ISO/IEC 27701:2019 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organisation.

International Organization for Standardization, ISO 

ISO/IEC 22301:2019

ISO/IEC 22301:2019 is an international standard that specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

The requirements specified in this document are generic and intended to be applicable to all organisations, or parts thereof, regardless of type, size and nature of the organisation.

International Organization for Standardization, ISO

ISO/IEC 15408-1:2009

ISO/IEC 15408-1:2009 (Common Criteria Assurance Framework) was designed to provide assurance for security claims made by vendors. It establishes a universal format for evaluating the security functions included in IT products.

Its primary purpose is to provide organisations with assurance that security products they purchase have been thoroughly tested by independent third-party testers and meet the requirements the customer has specified.

International Organization for Standardization, ISO

ISO/IEC 31000:2018

ISO 31000:2018 is an international risk standard that provides guidelines on managing risk faced by organisations. The application of these guidelines can be customized to any organisation and its context.

The standard provides a common approach to managing any type of risk; it is not industry or sector specific, can be used throughout the life of the organisation, and can be applied to any activity, including decision-making at all levels.

International Organization for Standardization, ISO

Sherwood Applied Business Security Architecture

Sherwood Applied Business Security Architecture (SABSA) is a proven methodology for developing business-driven, risk and opportunity focused Security Architectures at both enterprise and solutions level that traceably support business objectives.

Sherwood Applied Business Security Architecture, SABSA

TOGAF

The TOGAF Standard is a proven Enterprise Architecture methodology and framework used by the world’s leading organisations to improve business efficiency.

It is the most prominent and reliable Enterprise Architecture standard, ensuring consistent standards, methods, and communication among Enterprise Architecture professionals.

The Open Group

NIST 800-53

NIST 800-53 is a guidance document with the primary objective of ensuring that appropriate security requirements and controls are applied to all US federal government information in information management systems.

National Institute of Standards and Technology, NIST

NIST 800-145

NIST 800-145 provides an analysis of the NIST Definition of Cloud Computing based on today’s perspective and provides a methodology for evaluating services, complementing the NIST definition.

National Institute of Standards and Technology, NIST

NIST 800-37

NIST 800-37 is the guide for implementing the Risk Management Framework (RMF). The framework is a methodology for handling all organisational risk in a comprehensive and continual manner.

National Institute of Standards and Technology, NIST

PCI DSS

PCI Security Standards are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data.

The standards apply to all entities that store, process or transmit cardholder data – with requirements for software developers and manufacturers of applications and devices used in those transactions.

The Council is responsible for managing the security standards, while compliance with the PCI set of standards is enforced by the founding members of the Council: American Express, Discover Financial Services, JCB, MasterCard and Visa Inc.

PCI Security Standards Council, PCI SSC

Artificial Intelligence Risk Management Framework (AI RMF 1.0)

The AI RMF 1.0 was created by NIST for the purpose of identifying and understanding current risks, impacts and harms associated with the use of artificial intelligence technologies by individuals and organisations. 

The Framework is divided into two parts: Part 1 discusses how organisations can frame the risks related to AI and describes the intended audience. Part 2 comprises the “Core” of the Framework.

National Institute of Standards and Technology, NIST

Articles & Tips…

Learn more about this amazing field and how to become a recognised professional in this growing industry.

Ultimate Career Guide Part 2

Cyber Security is in high demand, and there are plenty of job opportunities to choose from in this exciting industry. With salaries often several times higher than most average IT professionals, being a cyber security professional could be a great career of your choice.

Ultimate Career Guide Part 1

Understanding Cyber Security Part 1

The purpose of this article is to provide you with a comprehensive overview of cyber security and its importance for organisations and society today. We will also talk about its security domains, the current cyber threats putting corporate environments at risk, the challenges organisations face in protecting themselves from cyber attacks, and the cyber security defences and best practices that can be implemented to mitigate those risks.

Further details about how those cyber security defences and best practices are being implemented in the workplace will be discussed at a later time in the portal.

I hope you enjoy the reading and please kindly send your thoughts (either in English or Portuguese) about this article and suggestions of new topics to info@wecyberyou.com if you like.

Understanding Cyber Security Part 2

Understanding Cyber Security Part 3
