

Cyber- and Information Security Standards – Dansk Standard

“Digitalization means an opportunity to connect everyday devices to the internet. The digital assistants are gaining traction, and smart TVs, health trackers, robot vacuums among others have become a part of our day to day lives. But as more and more consumer products are connected to the internet, some cyber security concerns arise that we need to address.”

Dansk Standard – https://www.ds.dk/da/om-standarder/cyber-og-informationssikkerhedsstandarder/grundlaeggende-krav-for-cybersikkerhed-i-forbrugerprodukter-iot (translated)

IEC 62443-series on Industrial communication networks – Network and system security

The IEC 62443 series was developed to secure industrial automation and control systems (IACS) throughout their lifecycle. It currently includes nine standards, technical reports (TR) and technical specifications (TS).

International Electrotechnical Commission – https://www.iec.ch/blog/understanding-iec-62443

ETSI EN 303 645 Cyber Security for Consumer Internet of Things: Baseline Requirements

As more devices in the home connect to the Internet, the cyber security of the Internet of Things (IoT) becomes a growing concern. People entrust their data to an increasing number of online devices and services. Products and appliances that have traditionally been offline are now connected and need to be designed to withstand cyber threats.

ETSI – https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf

(ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements)

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

ISO – https://www.iso.org/isoiec-27001-information-security.html

(ISO/IEC 27002 Information technology – Security techniques – Code of practice for information security controls)

ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s).

ISO – https://www.iso.org/standard/54533.html

(ISO/IEC 27701 Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines)

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

ISO – https://www.iso.org/standard/71670.html

(ISO/IEC 29134 Information technology – Security techniques – Guidelines for privacy impact assessment (PIA))

ISO/IEC 29134:2017 gives guidelines for
– a process on privacy impact assessments, and
– a structure and content of a PIA report.

It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations.

ISO – https://www.iso.org/standard/62289.html

(ISO/IEC 27005 Information technology – Security techniques – Information security risk management)

This document provides guidelines for information security risk management in an organization. However, this document does not provide any specific method for information security risk management. It is up to the organization to define their approach to risk management, depending for example on the scope of an information security management system (ISMS), context of risk management, or industry sector. A number of existing methodologies can be used under the framework described in this document to implement the requirements of an ISMS. This document is based on the asset, threat and vulnerability risk identification method that is no longer required by ISO/IEC 27001. There are some other approaches that can be used.

ISO – https://www.iso.org/obp/ui/#iso:std:75281:en