Journal:Understanding cybersecurity frameworks and information security standards: A review and comprehensive overview
Full article title | Understanding cybersecurity frameworks and information security standards: A review and comprehensive overview |
---|---|
Journal | Electronics |
Author(s) | Taherdoost, Hamed |
Author affiliation(s) | University Canada West |
Primary contact | Email: hamed dot taherdoost at gmail dot com |
Year published | 2022 |
Volume and issue | 11(14) |
Article # | 2181 |
DOI | 10.3390/electronics11142181 |
ISSN | 2079-9292 |
Distribution license | Creative Commons Attribution 4.0 International |
Website | https://www.mdpi.com/2079-9292/11/14/2181 |
Download | https://www.mdpi.com/2079-9292/11/14/2181/pdf (PDF) |
This article should be considered a work in progress and incomplete. Consider this article incomplete until this notice is removed.
Abstract
Businesses are reliant on data to survive in the competitive market, and data is constantly in danger of loss or theft. Loss of valuable data leads to negative consequences for both individuals and organizations. Cybersecurity is the process of protecting sensitive data from damage or theft. To successfully achieve the objectives of implementing cybersecurity at different levels, a range of procedures and standards should be followed. Cybersecurity standards determine the requirements that an organization should follow to achieve cybersecurity objectives and minimize the impact of cybercrimes. Cybersecurity standards demonstrate whether an information management system can meet security requirements through a range of best practices and procedures. A range of standards has been established by various organizations to be employed in information management systems of different sizes and types. However, it is challenging for businesses to adopt the standard that is the most appropriate based on their cybersecurity demands. Reviewing the experiences of other businesses in the industry helps organizations to adopt the most relevant cybersecurity standards and frameworks.
This study presents a narrative review of the most frequently used cybersecurity standards and frameworks based on (1) existing papers in the cybersecurity field and (2) applications of these cybersecurity standards and frameworks in various fields, to help organizations select the cybersecurity standard or framework that best fits their cybersecurity requirements.
Keywords: cybersecurity framework, cybersecurity standard, information security framework, information security standard, cybersecurity requirements, information security requirements, narrative review
Introduction
A standard is described as an ideal condition with a minimum achievement limit [1]. It also refers to technical specifications that are required to be applied by a service facility to enable service users to acquire the maximum function, purpose, or profit from the services [2]. Many international organizations, associations, and consortia play a vital role in the development of standards [3,4]. According to www.standards.org.au (accessed on 1 February 2022), standards are documents that define specifications, procedures, and guidelines, aiming to ensure the safety, consistency, and reliability of products, services, and systems. Moreover, according to the definition provided by ISO/IEC, standards are documents or rules made based on a general agreement and validated by a legal entity, which help to achieve optimal results, as a guideline, model, or sample, in a particular context [5]. In practice, a standard meets user demands, considers the limitations of technology and resources, and also meets the verification requirements [2].
References
Notes
This presentation is faithful to the original, with only a few minor changes to presentation, grammar, and punctuation. In some cases important information was missing from the references, and that information was added.