When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cyber security standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
The UK’s Department for Business, Innovation & Skills (BIS) published its ‘Ten Steps to Cyber Security’ in 2012 as an overview of cyber security for executives. This guidance recognises that information is at the centre of business today, and that cyberspace exists as the whole digital architecture of society: both the internet in general and the information systems that support and maintain infrastructure, business and services.
The Ten Steps provide an excellent framework for a top-level understanding of cyber security. They rely on broad descriptions and objectives to explain the risks, defences and solutions that can then be addressed across the whole organisation, rather than defining specific controls that may require specialised skills or experience to implement. As such, the Ten Steps can be achieved through the application of other standards, and an organisation that can tick off all of the points raised in the Ten Steps can be reasonably confident in the state of its cyber security.
IT Governance offers a cyber security risk assessment service based on the above framework.